Tight  IT  Budgets 
Impair  Planning 
As  War  Looms 


Top  Execs  Demand  Data  Now 


Companies  lack  funds 
for  disaster  protection 

BY  DAN  VERTON 

Regardless  of  how  imminent  a 
U.S.-led  war  in  Iraq  might  be, 
IT  budget  constraints  are  pre¬ 
venting  many  companies  from 
taking  appropriate  security 
and  disaster-preparedness 
measures  to  defend  them¬ 
selves  against  possible  retalia¬ 
tory  terrorist  strikes. 

It’s  not  necessarily  that  the 
threat  is  being  ignored.  It’s 
just  that  the  money  many  IT 
managers  would  like  to  have 
to  combat  it  just  isn’t  there. 

John  Ervin,  a  systems  ad- 

Companies,  page  53 


States  struggle  to  pay 
for  homeland  security 

BY  PATRICK  THIBODEAU 

WASHINGTON 

States  are  rapidly  taking  steps 
to  standardize  systems,  elimi¬ 
nate  IT  redun¬ 
dancy  and  cut 
expenses  in  or¬ 
der  to  fund  cash- 
strapped  home¬ 
land  security  ini¬ 
tiatives. 

State  IT  spending  will  rise 
slightly  this  year,  much  of  it 
going  to  improve  administra¬ 
tive  and  health  systems,  Feder¬ 
al  Sources  Inc.  forecast  last 
week.  But  new  IT  projects  will 


be  rare,  because  funding  by 
Congress  for  homeland  secu¬ 
rity  is  less  than  what  IT  man¬ 
agers  say  they  need. 

“It’s  extremely  frustrating,” 
said  Rizwan  Ahmed,  whose 
duties  include  serving  as  CIO 
of  the  Louisiana  Department 
of  Natural  Resources.  Federal 
homeland  security  officials 
have  asked  his  agency  to  help 
produce  geographic  informa¬ 
tion  system  maps  of  critical  oil 
and  gas  pipelines.  Although 
the  mapping  is  getting  done, 
“it’s  at  the  expense  of  some  of 
our  own  projects,”  he  said. 

A  telling  sign  of  the  bleak 

outlook  was  of¬ 
fered  last  week 
by  FSI  Presi¬ 
dent  James 
Kane  at  the 
company’s  an¬ 
nual  state  con¬ 
ference.  Of  approximately  500 
potential  IT  spending  projects 
that  FSI  is  tracking  —  projects 
that  haven’t  yet  been  put  out  to 
bid  —  two-thirds  are  on  hold. 

States,  page  53 


But  legacy  systems 
hamper  delivery  of 
real-time  information 

BY  THOMAS  HOFFMAN 

A  growing  number  of  CIOs 
say  they’re  facing  increased 
pressure  to  deliver  real-time 
financial  and  operational  data 
to  their  CEOs  and  chief  finan¬ 
cial  officers,  who  want  to  be 
able  to  react  more  quickly  to 
changing  business  conditions. 

The  problem  is,  many  IT 
departments  are  struggling  to 
meet  such  demands  due  to 
legacy  system  constraints  and 
half-baked  enterprise  applica¬ 
tion  integration  efforts  that 
haven’t  been  aligned  with  cor¬ 
porate  business  processes. 

Extracting  financial  and  op¬ 
erational  information  for  use 
by  business  managers  “takes 
us  weeks,”  said  Steve  Scott, 
vice  president  of  IT  at  Vision 
Service  Plan,  a  Sacramento, 


Calif.-based  eye  care  benefits 
administrator  that  serves  36 
million  people  in  the  U.S. 

Scott  was  one  of  several 
technology  managers  who  not¬ 
ed  the  challenges  posed  by 
real-time  reporting  demands 
at  Computerworld’s  Premier 
100  IT  Leaders  Conference 
late  last  month.  He  said  VSP  is 
currently  constrained  by  a  23- 
year-old  financial  system  that 
it  plans  to  replace  within  the 
next  12  months.  Scott  added 
that  VSP  is  looking  to  install  a 
Real-Time  Data,  page  16 


New  BEA  Tool 
Wins  Guarded 
User  Support 

Developers  wary  of 
proprietary  features 
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WATCH 


CIOs  at  Allstate  Insurance, 
Documentum  and  Coast  Capital 
Savings  all  have  outsourcing 
success  stories  to  tell.  But  none  of  them  got  where  they 
are  by  following  conventional  playbooks.  Instead,  they 
focused  on  the  idiosyncrasies  of  their  companies’  busi¬ 
ness  needs.  So  did  the  CIOs  at  General  Motors  and 
Bank  One,  who  offer  up  some  of  the  tough  lessons 
they  learned  before  adopting  opposing  all-or-nothing 
approaches  to  IT  outsourcing. 


READ  THEIR  STORIES,  BEGINNING  ON  PAGE  39. 


BY  CAROL  SLIWA 

ORLANDO 

BEA  Systems  Inc.’s  new  Web- 
Logic  Workshop  8.1  tool  drew 
mixed  reactions  —  sometimes 
from  the  same  person  —  at  the 
software  maker’s  eWorld  con¬ 
ference,  held  here  last  week. 

The  allure  for  many  users  is 
the  point-and-click,  drop-and- 
drag  tool’s  potential  to  boost 
developer  productivity.  Sever¬ 
al  developers  called  Work¬ 
shop  compelling,  and  some  re¬ 
ferred  to  it  as  “Visual  Basic  for 
Java,”  referencing  the  Micro¬ 
soft  Corp.  tool  known  for  its 
ease  of  use. 

But  there’s  a  trade-off  for 
the  new  features.  Many  users 
took  note  of  various  propri¬ 
etary  application  program¬ 
ming  interfaces  and  class  li¬ 
braries  in  WebLogic  Work¬ 
shop  8.1  that  they  fear  may  re- 
BEA  Tool,  page  15 
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PATR I OT compliance  Solution 


COMPLIANCE  OR 


The  consequences  of  USA 
PATRIOT  Act  non-compliance 
are  substantial.  Enormous  fines 
are  being  imposed  that  range 
in  millions  of  dollars.  Not  to 
mention  the  added  s  in  tiny 
and  negative  publici  y.  It's  clear 
you  don't  want  to  be  next. 

Nor  do  you  have  to  be. 

0  u  r  PAT  RIOT  eo  m  p  I  i a  n  c  e 
Solution  integrates  your 
existing  customer  and 
transaction  information 


systems  into  a:  consolidated 


compliance  system  that 
not  only  detects  unusual 
activity,  but  also  automates 
its  investigation  and  its 
resolution  in  a  timely, 
secure,  and  meticulously 
documented  manner. 

USA  PATRIOT  Act  compliance 
is  just  one  example  of 
how  Sybase  is  helping 
today's  enterprises  achieve 
Information  Liquidity: 
a  highly  profitable  state 
where  all  your  information 
is  transformed  into  real 
economic  value. 

For  product  details,  visit 
sybase.com/ p  a  t  r  i  i  Ctsolution. 


SYBASE  INTEGRATION  TECHNOLOGIES.  EVERYTHING  WORKS 
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INFORMATI  LIQUIDITY 


©2003  Sybase,  Inc.  All  rights  reserved.  All  trademarks  arc  the  property  of  their  respective  owners. 


Can  your  antivirus  software  provide  double  the  scanning  power?  Ours  can. 

Making  sure  your  company  is  secure  gets  more  and  more  difficult  every  day.  That's  why  ©Trust™  Antivirus  v7 
from  Computer  Associates  uses  dual  scanning  engines  to  ensure  comprehensive  virus  protection.  It  processes 
data  in  real  time  to  search  out  and  eliminate  viruses,  and  it  also  scans  files  during  prescheduled  and 
off-peak  hours.  All  at  the  cost  of  most  single-engine  AV  products.  It's  more  than  just  twice  the  protection. 
It's  twice  the  peace  of  mind.  ca.com/etrust/antivirus 


eTrust™  Antivirus 


Computer  Associates® 


©2003  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved.  ©Trust™  Antivirus  was  formerly  known  as  ©Trust™  lnoculate/T.# 


QuickStudy:  Presence  Technology 

In  the  Technology  section:  Instant  messaging  introduced  us 
to  presence  technology,  which  lets  network  users  know  when 
other  users  are  connected  to  the  network  and  available  to  re¬ 
ceive  and  respond  to  messages.  Page  36 
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Microprocessors  on  the  March 

Future  Watch:  It’s  getting  harder  and  harder 
to  keep  Moore’s  Law  going,  but  chip  makers 
keep  finding  new  tricks  to  tease  more  perfor¬ 
mance  out  of  silicon.  Page  25 
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6  Manufacturers  expect  mod¬ 
est  IT  budget  increases,  with 
emphasis  on  integration,  sup¬ 
ply  chain  and  customer-facing 
projects. 

6  Microsoft  expands  its  Office 
family  with  new  additions. 

7  The  push  for  antispam  laws 

heats  up.  States  rush  to  pass 
bills,  but  Congress  may  pre¬ 
empt  them. 

7  CRM  still  inspires  caution. 

Fearing  repeats  of  past  fail¬ 
ures,  companies  roll  out  soft¬ 
ware  slowly. 

8  Bug-fixing  process  improves. 

The  sendmail  episode  reveals 
some  positive  changes,  but 
more  remains  to  be  done. 

8  SANS  lauds  Microsoft  for  se¬ 
curity  efforts,  presenting  the 
vendor  with  three  awards. 

10  Group  seeks  standards  for 

managing  Web  services. 

14  AT&T  launches  an  SSL-based 
VPN  service. 

14  Vendors  team  up  to  develop  a 
device  to  manage  remote  ac¬ 
cess  to  WANs  and  authenti¬ 
cate  wireless  LAN  users. 

16  Utility  turns  to  EAI  tools  to 

revamp  supply  chain  integra¬ 
tion  initiative. 

17  Antitrust  suit  widens  rift  in 
toner  cartridge  battle. 

18  Q&A:  Dell  exec  pushes  for 

fast  growth  of  company’s 
$1  billion  storage  unit. 


30  Compression  Relieves  Con¬ 
gestion.  Wide-area  network 
traffic-compression  appli¬ 
ances  promise  to  let  network 
managers  increase  traffic 
loads  without  expensive  up¬ 
grades  to  WAN  links.  Users 
tell  us  about  their  experiences 
with  these  products. 

32  Security  Manager’s  Journal: 
When  Bad  Things  Happen  to 
Good  Demos.  Rather  than 
showing  Vince  Tuesday  and 
his  team  how  its  security 
product  would  save  them 
some  time,  a  vendor  present¬ 
ed  a  demo  that  made  it  clear 
that  the  software  would  create 
extra  steps  for  the  user. 

MANAGEMENT 

39  Outsourcing  Watch  2003: 
Breaking  Outsourcing 
Boundaries.  Conventional 
wisdom  about  IT  outsourcing 
may  not  make  sense  for  your 
business.  Three  IT  leaders  tell 
how  they  got  great  results  by 
breaking  the  rules. 

42  Outsourcing  Watch  2003: 

All  Or  Nothing.  GM  and  Bank 
One  take  opposite  approaches 
to  outsourcing.  Their  CIOs 
share  the  lessons  learned 
from  the  different  strategies. 

44  Q&A:  Predictable  Surprises. 

Many  IT  disasters  are  pre¬ 
ventable  if  you  know  how  to 
spot  them  in  advance.  Learn 
what  to  look  for  in  an  inter¬ 
view  with  Michael  D.  Wat¬ 
kins,  who  co-wrote  an  article 
about  the  subject  in  the  Har¬ 
vard  Business  Review. 


10  On  the  Mark:  Mark  Hall 

learns  that  Web  services  man¬ 
agement  has  no  standards  — 
and  few  tools  to  help  in  the 
meantime. 

20  Patricia  Keefe  looks  at  the 
ways  you  should  have  already 
prepared  your  company  for  the 
possibility  of  war  with  Iraq. 

20  Pimm  Fox  discovers  a  univer¬ 
sal  problem  on  par  with  death 
and  taxes:  lost  data.  But  it’s 
most  painful  to  those  in  the 
financial  industry,  who  face 
new  rules  to  keep  track  of  all 
their  messaging  systems. 

21  Thornton  May  identifies  the 
real  IT  credibility  problem. 

It’s  not  with  IT  managers;  it’s 
with  users  who  don’t  know 
what  they  don’t  know. 

37  Nicholas  Petreley  wonders 
what  might  happen  in  a  soft¬ 
ware  World  Series. 

46  Bart  Perkins  warns  IT  man¬ 
agers  to  do  their  homework 
before  leaping  into  outsourc¬ 
ing  contracts. 

54  Frankly  Speaking:  Frank 

Hayes  says  you  should  stop 
what  you’re  doing  and  go 
patch  your  sendmail  servers. 
Now.  What  are  you  waiting 
for?  Do  it. 
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Blueprints  for  Network  Security 

SECURITY:  Every  company  needs  a  plan  for 
protecting  its  environment.  Expert  Marcia  J. 
Wilson  offers  advice  on  how  to  create  one. 

©  QuickLink  36303 

Breaking  the  ‘Concrete  Ceiling’ 

CAREERS:  Marguerete  Luter  and  Mary  Ann 
Wagner  offer  tips  on  how  women  can  get 
ahead  in  IT  —  with  ideas  that  apply  to 
everyone.  ©  QuickLink  36771 

Measure  Site  Activity  With  ASP 

DEVELOPMENT:  Learn  how  to  use  Microsoft’s 
free  Active  Server  Pages  technology  to  moni¬ 
tor  your  Web  site’s  active  sessions,  log-ins 
and  page  hits.  ©  QuickLink  36839 

All  Systems  Down 

STORAGE:  From  CIO  magazine  comes  an 
account  of  one  of  the  worst  health  care  IT 
crises  ever  —  and  what  CareGroup  CIO  John 
Halamka  learned  from  it.  ©  QuickLink  36605 

Wireless  Checklist 

MOBILE  &  WIRELESS:  Chuck  Gautney,  CTO  at 
Defywire  Inc.,  lays  out  a  number  of  points  to 
consider  before  embarking  on  an  in-house 
wireless  strategy.  ©  QuickLink  36766 

Back  to  School  With  the  Mac 

MACINTOSH:  As  Hunter  College’s  Film  and 
media  department  integrates  new  Apple 
hardware  and  software,  Yuval  Kossovsky  sets 
up  a  Netlnfo  catalog  for  lab  users.  Part  3  of  an 
ongoing  series.  ©  QuickLink  36815 
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each  page  on  our  site. 
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SCO  Sues  IBM 
For  SIB  Over  Unix 

The  SCO  Group  filed  a  lawsuit  in  a 
Utah  state  court  charging  IBM 
with  breaching  a  Unix  license 
agreement  and  stealing  trade  se¬ 
crets.  Lindon,  Utah-based  SCO, 
which  owns  the  source  code  for 
Unix,  claimed  that  IBM  is  illegally 
using  Unix  features  as  part  of  its 
Linux  services  business.  SCO  is 
seeking  damages  of  at  least 
$1  billion  and  threatening  to  re¬ 
voke  IBM’s  Unix  license.  An  IBM 
spokesman  said  the  suit  “is  full  of 
bare  allegations  and  no  facts.” 


IBM  Builds  Data 
Workload  Tools 

In  other  IBM  news,  the  company 
announced  three  tools  designed 
to  let  systems  automatically  shift 
computing  resources  to  meet  in¬ 
creases  in  data  processing  de¬ 
mands.  The  new  tools  initially  will 
work  with  the  latest  versions  of 
IBM’s  DB2  database  and  Web¬ 
Sphere  application  server  soft¬ 
ware.  IBM  said  its  IT  services  unit 
also  plans  to  use  the  technology 
as  part  of  its  offerings. 


SAP  Late  With  Apps 
For  Small  Business 

SAP  AG  added  five  industry-spe¬ 
cific  versions  of  business  applica¬ 
tions  it  has  tailored  for  small  and 
midsize  companies.  But  the  com¬ 
pany  confirmed  that  a  planned 
U.S.  rollout  of  general-purpose 
applications  for  those  users  has 
been  delayed.  SAP  said  it  expects 
the  mySAP  Business  One  soft¬ 
ware,  which  had  been  due  late 
last  year,  to  be  ready  within  the 
next  few  months. 


Short  Takes 

MICROSOFT  CORP.  released  a 
beta-test  version  of  a  corporate 
instant  messaging  and  real-time 
collaboration  tool,  code-named 
Greenwich _ GROOVE  NET¬ 

WORKS  INC.,  a  software  vendor  in 
Beverly,  Mass.,  said  it  received 
$38  million  in  new  financing  but 
laid  off  20%  of  its  workers. 


Manufacturing  Firms  Expect 
Modest  IT  Budget  Increases 


Emphasis  is  on  integration,  supply 
chain  and  customer-facing  projects 


BY  JAIKUMAR  VIJAYAN 

CHICAGO 

Integration  of  back-end  and 
plant-floor  applications,  as 
well  as  projects  that  build  bet¬ 
ter  links  with  suppliers  and 
customers,  is  where  many 
manufacturing  companies  will 
focus  their  IT  spending  this 
year. 

Despite  the  ongoing  reces¬ 
sion,  most  manufacturers  ex¬ 
pect  their  IT  spending  to  in¬ 
crease  modestly  this  year,  ac¬ 
cording  to  the  results  of  a  sur¬ 
vey  released  by  the  National 
Association  of  Manufacturers 
(NAM)  at  last  week’s  National 
Manufacturing  Week  trade 
show  here. 

Nearly  70%  of  the  300  main¬ 
ly  small  and  medium-size 
manufacturers  surveyed  said 
they  expect  IT  budgets  to 
grow  by  up  to  5%  over  last 
year.  Another  8%  said  their  IT 


spending  is  expected  to  grow 
between  5%  and  10%. 

Most  of  the  spending  will  be 
directed  at  improving  cus¬ 
tomer  linkages  as  well  as 
plant-floor  and  supply  chain 
efficiencies,  said  Jerry  Jasi- 
nowski,  president  of  the 
Washington-based  NAM. 

Additionally,  a  lot  of  the  re¬ 
sources  that  manufacturing 
companies  acquired  to  deal 
with  the  Y2k  rollover  are 
rapidly  becoming  obsolete  and 
due  for  revamps  this  year,  Jasi- 
nowski  said. 

On  Hold 

“We  were  really  on  hold  last 
year.  But  this  year,  we  are  ex¬ 
pecting  at  least  a  5%  increase 
in  IT  spending,”  said  Tony 
Raimondo,  CEO  of  Behlen 
Manufacturing  Co.,  a  supplier 
of  building  material  in  Colum¬ 
bus,  Neb.  One  of  the  bigger 


Manufacturers’ 
IT  Spending 
Plans  for  2003 


Expect  IT  spending 
to  increase 
up  to  5%. 


2% 

Expect 
more  than 
15%  growth 
in  IT  spending. 

NOTE:  Numbers 
do  not  add  up  to 
100%  due  to 
rounding. 


Expect  to 
spend  less 
than  last 


Expect 
increases  of 
5.1%  to  10%. 


3%  Expect 
spending  to  grow 
bv  10.1%  to  15%. 


projects  being  implemented 
by  Behlen  this  year  is  a  bar¬ 
code  system  that  will  allow 
the  collection  of  real-time  data 


on  products  being  assembled 
on  the  shop  floor.  Such  proj¬ 
ects  are  “key  to  unlocking  pro¬ 
ductivity  gains,”  he  said. 

“A  down  economy  is  the 
perfect  time  to  invest,”  said 
David  Krauthamer,  director  of 
information  systems  at  Ad¬ 


vanced  Fibre  Communications 
Inc.,  a  manufacturer  of  tele¬ 
communications  equipment  in 
Petaluma,  Calif.  “My  budget  is 
up,  particularly  capital.  We’re 
spending  money  on  customer 
collaboration,  demand  plan¬ 
ning,  portfolio  management 
and  a  human  resources  [sys¬ 
tem],”  said  Krauthamer.  The 
company  is  also  implementing 
a  project  to  significantly  reduce 
the  amount  of  fiber  it  has  to 
run  for  data  communications. 

Others,  such  as  IMC  Global, 
a  $2  billion  Lake  Forest,  111.- 
based  manufacturer  of  phos¬ 
phates,  expect  capital  expen¬ 
ditures  to  remain  flat  com¬ 
pared  with  last  year.  Even  so, 
projects  that  help  IMC  reach 
out  to  customers  and  suppli¬ 
ers  in  a  more  efficient  manner 
will  receive  priority,  said  Doug 
Pertz,  CEO  of  the  company. 

Such  plans  come  at  a  time 
when  three-fourths  of  NAM 
members  say  U.S  manufactur¬ 
ing  is  in  crisis.  Rising  operat¬ 
ing  costs  in  an  environment 
where  growth  and  export  sales 
are  stalled  are  the  causes,  ac¬ 
cording  to  Jasinowski. 

“These  are  certainly  the 
most  uncertain  times  for  man¬ 
ufacturing  in  modern  econom¬ 
ic  history,”  he  said.  I 


Microsoft  Expands  Its 
Office  Family  by  Two 


BY  CAROL  SLIWA 

Microsoft  Corp.  today  will  be¬ 
gin  distributing  a  beta  evalua¬ 
tion  kit  of  its  newly  named 
Office  System  product  set, 
which  includes  two  new  addi¬ 
tions  to  the  family. 

One  new  offering,  called 
InfoPath,  allows  users  to  cre¬ 
ate  and  complete  XML-based 
forms  and  submit  them  to 
XML-enabled  systems.  The 
other,  OneNote,  is  a  digital 
note-taking  application  that 
can  be  used  on  a  laptop,  desk¬ 
top  or  Tablet  PC. 

The  beta  evaluation  kit  also 
includes  the  five  products  that 
are  part  of  the  Office  2003 
suite:  Word,  Excel,  Outlook, 
PowerPoint  and  Access. 

Also  shipping  with  the  kit 


are  the  FrontPage  Web-site 
creation  and  management 
tool;  the  Office  Publisher 
product,  which  aims  to  help 
users  create  marketing  materi¬ 
als;  Windows  SharePoint  Ser¬ 
vices,  an  engine  for  creating 
Web  sites  that  enable  informa- 


NEW  PRODUCTS 


Microsoft 
Office  System 

INFOPATH:  Application  that  al¬ 
lows  users  to  create  and  com¬ 
plete  XML-based  forms  and  sub¬ 
mit  them  to  XML-enabled  sys¬ 
tems  and  business  processes. 


ONENOTE:  Digital  note-taking 
product  intended  to  help  users 
organize  and  search  their  notes. 


tion  sharing  and  document 
collaboration;  and  SharePoint 
Portal  Server  2.0,  which  inte¬ 
grates  information  from  vari¬ 
ous  systems  through  single 
sign-on  and  enterprise  appli¬ 
cation  integration  capabilities. 

Dan  Leach,  a  lead  product 
manager  in  Microsoft’s  infor¬ 
mation  worker  product  man¬ 
agement  group,  said  the  set  of 
products  is  now  referred  to  as 
the  Microsoft  Office  System  to 
reflect  the  comprehensive  set 
of  productivity  applications, 
servers  and  services  designed 
to  connect  people  and  organi¬ 
zations  to  their  information 
and  back-end  systems. 

This  is  the  second  beta  of 
Office  System,  and  Leach  said 
it  will  be  the  final  one,  though 
there  potentially  could  be  “re¬ 
lease  candidates”  before  the 
final  release  of  the  product  set 
this  summer. 

New  features  that  weren’t 
part  of  the  first  beta,  which 


was  released  in  October,  in¬ 
clude  junk-mail  filtering  and  a 
business  contact  manager  in 
Outlook  2003,  as  well  as  infor¬ 
mation  rights  management 
(IRM)  capabilities  that  enable 
users  to  control  access  to  doc¬ 
uments  they  create  with  Of¬ 
fice  products,  Leach  said. 

Recipients  of  protected  doc¬ 
uments  will  need  client  soft¬ 
ware  enabled  with  Microsoft’s 
IRM  viewing  capability  in  or¬ 
der  to  open  them,  Leach  said. 
Other  major  changes  in  the 
new  version  of  Office  include 
support  for  XML  and  Web  ser¬ 
vices,  he  said. 

Microsoft  Office  System 
pricing  has  yet  to  be  an¬ 
nounced.  Microsoft  first  post¬ 
ed  the  second  beta  of  Office 
2003  to  its  developer  network 
site  last  month,  only  to  pull 
the  software  a  few  hours  later, 
claiming  that  the  product 
wasn’t  ready  and  that  the  post¬ 
ing  was  inadvertent.  I 
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States  Rush  to  Pass 
Laws  to  Fight  Spam 

Congress  urged  to  preempt  states  by 
adopting  a  national  antispam  rule 


BY  PATRICK  THIBODEAU 

WASHINGTON 

Y  THE  END  of  this 
year,  all  50  states  may 
have  antispam  laws, 
and  Congress  could 
also  act  to  adopt  a  national 
law.  Lawmakers  have  never 
been  under  greater  pressure 
to  take  action  to  fight  spam. 
But  there’s  little  hope  that  leg¬ 
islation  will  bring  IT  man¬ 
agers  much  relief. 

So  far,  26  states  have  adopt¬ 
ed  spam  laws  that  do  things 
such  as  making  forged  address 
headers  illegal.  Other  laws  re¬ 
quire  that  “ADV,”  short  for  ad¬ 
vertisement,  be  included  in 
the  subject  line  of  unsolicited 
commercial  e-mail. 

Emily  Hackett,  state  policy 
director  of  the  Internet  Al¬ 
liance  in  Washington,  which 
represents  some  large  Internet 
service  providers,  said  states 
without  an  antispam  law  will 
soon  have  one.  “There  isn’t 
any  opposition  to  it,”  she  said. 

Marketing  Troubled 

But  the  state  bills  are  trou¬ 
bling  for  the  marketing  indus¬ 
try.  Some  allow  lawsuits 
against  spammers  that  violate 
posted  policies,  which  scares 
companies  that  use  unsolicit¬ 
ed  e-mail  to  prospect  for  cus¬ 
tomers.  There  are  also  states 
eyeing  a  “do-not-spam”  list 
similar  to  do-not-call  telemar¬ 
keting  lists. 

Congress  is  being  pushed  to 
act,  in  part  to  preempt  state 
laws  with  a  national  one.  The 
Direct  Marketing  Association 
(DMA)  in  New  York,  long  an 
opponent  of  any  spam  regula¬ 
tion,  is  now  backing  a  federal 
law  to  end  the  hodgepodge  of 
state  laws.  No  bills  have  been 
introduced  yet,  but  that’s  ex¬ 
pected  to  change. 

“It’s  very  difficult  to  keep 
track  of  varying  state  laws,” 


said  Louis  Mastria,  a  DMA 
spokesman,  who  added  that 
state  laws  are  ineffective  be¬ 
cause  a  marketer 
doesn’t  necessarily 
know  the  physical 
address  of  a  person 
being  solicited. 

The  state  laws  “set 
up  legitimate 
e-mail  marketers 
for  a  black  eye,”  he  said. 

Another  major  proponent  of 
action  is  Microsoft  Corp., 
which  last  month  ran  ads  in 
newspapers  saying  that  “new, 


Fearing  failure, 
companies  roll  out 
software  slowly 

BY  MARC  L.  SONGINI 

CHICAGO 

Despite  several  years  of  tech¬ 
nology  evolution,  rollouts  of 
customer  relationship  man¬ 
agement  (CRM)  software  still 
pose  challenges  that  are  caus¬ 
ing  many  companies  to  pro¬ 
ceed  with  caution. 

Corporate  IT  managers  con¬ 
tinue  to  face  considerable  pit- 
falls  on  CRM  installations,  ac¬ 
cording  to  Scott  Nelson,  a 
Gartner  Inc.  analyst  who 
spoke  at  the  consulting  firm’s 
CRM  Summit  Spring  2003 
conference  here  last  week. 
Nelson  said  Gartner  last  year 
surveyed  hundreds  of  compa¬ 
nies  that  have  installed  CRM 
applications,  and  about  55%  of 
the  respondents  characterized 
their  rollouts  as  failures. 

Several  conference  atten¬ 
dees  acknowledged  that  adop¬ 
tion  of  CRM  tools  by  end 
users  can  be  very  slow.  Many 


strong  laws  are  needed”  to 
combat  spam.  The  U.S.  Feder¬ 
al  Trade  Commission  is  plan¬ 
ning  a  three-day  forum  on 
spam  next  month,  an  event 
that’s  seen  as  a  pivotal  gather¬ 
ing  of  all  sides  in  the  debate. 

The  success  of 
any  legislation  will 
depend  on  en¬ 
forcement,  said 
Michael  Redman, 
information  sys¬ 
tems  director  at 
Nicholson  Manu¬ 
facturing  Co.  in  Seattle.  Wash¬ 
ington  has  an  antispam  law, 
but  Redman  said  he’s  seen  lit¬ 
tle  impact  from  it.  “There  is  a 
substantial  amount  of  legisla- 


users  are  interested  in  CRM 
capabilities,  but  the  technolo¬ 
gy  “causes  fear,”  said  Shawn 
Kaplan,  director  of  marketing 
and  business  development  at 
New  York-based  financial  data 
provider  Reuters  America  Inc. 

Reuters  has  rolled  out 
Siebel  Systems  Inc.’s  CRM  ap¬ 
plications  internally  and  is 
now  looking  to 
provide  CRM 
functionality  to 
financial  advisers 
who  use  Reuters 
data.  But  if  CRM 
tools  are  provid¬ 
ed  as  stand-alone 
applications, 
many  users  aren’t 
going  to  bother 
to  launch  them, 

Kaplan  said. 

With  that  in 
mind,  he  added, 

Reuters  plans  to  use  Web  ser¬ 
vices  integration  technology 
developed  by  CRM  vendor 
Onyx  Software  Corp.  in  Belle¬ 
vue,  Wash.,  to  develop  cus¬ 
tomizable  application  screens 
that  present  CRM  capabilities 


tion  out  there  already,”  he 
said.  “If  it’s  ignored  and  not 
enforced,  it  doesn’t  do  us  any 
good.” 

There  is  much  skepticism 
that  new  laws  will  curb  spam, 
because  finding  the  most 
egregious  spammers  is  diffi¬ 
cult.  “People  are  setting  up 
dummy  corporations  and  fly- 
by-night  operations,”  said 
Stephen  Winkelman,  an  Inter¬ 
net  attorney  at  Fennemore 
Craig  PC  in  Phoenix. 

Accompanying  the  push  for 
laws  are  efforts  to  create  stan¬ 
dards  for  regulating  e-mail. 

The  ePrivacy  Group  in 
Philadelphia  is  developing 
open-standards,  machine- 
readable  technology  that  sets 
minimum  principles  for  en¬ 
suring  that  an  Internet  service 
provider  doesn’t  filter  a  digi¬ 
tally  signed  message  from  a 
business. 

Filtering  sometimes  screens 
out  too  much  information, 


alongside  its  financial  data. 
That  way,  financial  advisers 
won’t  even  know  they’re  using 
the  technology,  Kaplan  said. 

Fairchild  Semiconductor  In¬ 
ternational  Inc.  is  using  a  bot¬ 
tom-up  strategy  on  its  CRM 
project  by  getting  feedback 
from  end  users  after  each  roll¬ 
out  of  a  tool,  said  Phaedra 
Bond,  lead  strategist  for  sales 
and  marketing  at  the  South 
Portland,  Maine-based  maker 
of  electronics  products. 

Even  so,  the  company  is 
moving  slowly. 

Fairchild  began 
rolling  out  Peo- 
pleSoft  Inc.’s 
sales  force  au¬ 
tomation  soft¬ 
ware  early  last 
year.  More  than 
350  end  users  are 
live  on  the  soft¬ 
ware  now,  but 
Bond  said  it’s  ex¬ 
pected  to  take  up 
to  three  years  to 
complete  the 
project.  “We’re  taking  a  sniper 
vs.  a  shotgun  approach,”  she 
explained. 

The  company  also  is  using  a 
combination  of  techniques  to 
encourage  use  of  the  software. 
Bond  noted.  On  one  hand,  it’s 


NEW  TOOLS 

Corporate  options  for  fighting 
spam  are  growing.  Read  more 
at  our  Web  site: 

O  QuickLink  36877 
www.computerworld.com 


CRM  Projects  Continue  to 
Inspire  Caution,  Users  Say 


UNUSED  SOFTWARE 

42% 

of  the  CRM 
end-user 
licenses  bought 
last  year  aren’t 
being  used. 


SOURCE.  GARTNER  INC.  SURVEY 
OF  600  COMPANIES 


*  Require  that  the  physics! 
location  of  the  sender  be  pro¬ 
vided  in  the  spam  e-mail. 

k  Require  that  the  recipient 
be  given  the  ability  to  opt  out 
using  an  Unsubscribe  link. 

v  Stipulate  that  mailing  lists 
must  be  refreshed  annually. 

■  Require  the  immediate 
removal  of  addresses  from 
lists  after  bounce-backs. 

*  Ensure  the  ability  to  sue  a 
spammer  who  violates  a 
company’s  e-mail  policy. 


said  Vincent  Schiavone,  the 
company’s  president.  “We 
don’t  see  a  way  where  you  can 
fix  e-mail  with  the  current 
protocol,”  he  said.  ► 


giving  sales  workers  some 
flexibility  in  the  way  they  use 
the  CRM  tools  after  a  mini¬ 
mum  amount  of  required  cus¬ 
tomer  data  is  entered  into  the 
system.  But  use  of  the  soft¬ 
ware  is  being  tracked  and  is 
required  for  compensation.  If 
companies  treat  CRM  projects 
solely  “as  a  technical  imple¬ 
mentation,  you’re  going  to 
fail,”  Bond  warned. 

Starting  Small 

Because  of  management  con¬ 
cerns  about  the  challenges  of 
implementing  CRM  software, 
American  Trans  Air  Inc. 

(ATA)  also  started  small,  ac¬ 
cording  to  Robert  Ellison,  di¬ 
rector  of  e-business  and  net¬ 
work  services  at  the  Indi¬ 
anapolis-based  airline. 

Since  July,  ATA  has  been 
rolling  out  a  set  of  data  ware¬ 
housing  and  CRM  analytics 
tools  developed  by  NCR 
Corp.’s  Teradata  division  for 
use  in  such  areas  as  managing 
e-mail  marketing  campaigns 
for  its  frequent-flier  program. 

But  the  Teradata  software  is 
still  being  used  by  only  about 
10  end  users,  Ellison  said.  “We 
have  been  taking  baby  steps,” 
he  noted.  “In  fact,  it  was  prob¬ 
ably  more  like  a  crawl.”  I 
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Bug  Disclosure,  Fix 
Process  Improving 

Sendmail  episode  shows  progress  made 


BY  JAIKUMAR  VIJAYAN 

everal  users  wel¬ 
comed  the  growing 
willingness  of  ven¬ 
dors  and  security  re¬ 
searchers  to  work  together  to 
identify  and  fix  software  vul¬ 
nerabilities  in  the  wake  of  last 
week’s  disclosure  of  a 
major  hole  in  a  widely 
used  e-mail  protocol. 

But  they  also  ex¬ 
pressed  concern  over  the 
practice  by  some  in  the 
security  community  to  release 
vulnerability  information  to 
certain  users  before  making  it 
available  to  the  public. 

Atlanta-based  security  ven¬ 
dor  Internet  Security  Systems 
Inc.  (ISS)  and  Emeryville, 
Calif.-based  Sendmail  Inc.  last 
week  disclosed  the  existence 


of  a  major  buffer-overflow 
vulnerability  in  the  sendmail 
mail-transfer  agent,  which 
handles  more  than  50%  of  all 
Internet  e-mail  traffic. 

ISS,  which  first  discovered 
the  hole  in  early  December, 
said  it  began  in  mid-January  to 
work  closely  with  the 
National  Infrastruc¬ 
ture  Protection  Cen¬ 
ter  —  now  part  of  the 
U.S.  Department  of  Homeland 
Security  —  to  warn  govern¬ 
ment  and  military  agencies  of 
the  flaw. 

The  sendmail  incident  ex¬ 
emplified  a  welcome  change 
in  attitude  relating  to  vulnera¬ 
bility  discovery,  disclosure 
and  response,  users  said. 

“The  security  community  is 
becoming  more  responsible 


and  is  making  better  decisions 
with  regard  to  when  they 
should  disclose  a  vulnerabil¬ 
ity,”  said  Mike  Tindor,  vice 
president  of  network  opera¬ 
tions  at  First  USA  Inc.,  an 
Internet  service  provider  in 
St.  Clairsville,  Ohio. 

There  is  a  growing  realiza¬ 
tion  that  “making  a  vulnerabil¬ 
ity  public  without  a  fix  is  not 
in  the  industry’s  best  interest,” 
said  Anthony  DeVoto,  a  Win¬ 
dows  NT  administrator  at  Vol¬ 
vo  Finance  North  America 
Inc.  in  Montvale,  N.J. 

“It’s  kind  of  like  a  car  com¬ 
pany  coming  out  on  the  6 
o’clock  news  and  saying  your 
car  is  going  to  blow  up  and 
they  don’t  know  how  to  fix  it,” 
said  David  Krauthamer,  direc¬ 
tor  of  information  systems  at 
Advanced  Fibre  Communica¬ 
tions  Inc.,  a  Petaluma,  Calif.- 


If  s  kind  of 
like  a  car  com¬ 
pany  . . .  saying  your 
car  is  going  to  blow 
up  and  you  don’t 
know  how  to  fix  it. 


DAVID  KRAUTHAMER,  DIRECTOR 
OF  INFORMATION  SYSTEMS, 

ADVANCED  FIBRE  COMMUNICATIONS 

based  manufacturer  of  tele¬ 
communications  equipment. 

“I  think  the  software  and  secu¬ 
rity  industry  has  matured  to 
the  point  where  it  is  unaccept¬ 
able  to  put  customers  in  a  po¬ 
sition  of  such  vulnerability,” 
he  added. 

Meanwhile,  software  ven¬ 
dors,  which  continue  to  come 
under  heavy  criticism  for  de¬ 
veloping  buggy  products,  are 
getting  “a  little  bit  better”  at 
disclosing  and  responding  to 
bug  reports,  said  Edward  York, 
chief  technology  officer  at  724 
Inc.,  a  Lampoc,  Calif.-based 
hosting  provider. 

Groups  such  as  the  Organi- 


SECURITY 


SANS  Institute  Lauds 
Microsoft  Security  Efforts 


Patch  automation, 
security  tests  cited 

BY  JAIKUMAR  VIJAYAN 

Microsoft  Corp.,  long  at  the  re¬ 
ceiving  end  of  widespread  user 
criticism  for  buggy  products, 
last  week  received  a  rare  pat  on 
the  back  for  its  security  efforts 
from  the  SANS  Institute. 

SANS,  a  research  organiza¬ 
tion  for  systems  administra¬ 
tors  and  security  managers 
in  Bethesda,  Md.,  gave  Micro¬ 
soft  awards  for  demonstrating 
leadership  in  three  security 
categories  at  the  Fifth  Nation¬ 
al  Information  Assurance 
Leadership  Conference  in 
San  Diego. 

The  company  won  awards 
for  leadership  in  providing  au¬ 
tomated  security  updates;  pro¬ 
viding  security  training  for 
software  developers;  and  pro¬ 
viding  testing  software  for 


security  vulnerabilities. 

Microsoft’s  award  in  the  au¬ 
tomated  updates  category  — 
which  it  shared  with  Linux 
supplier  Red  Hat  Inc.  —  was 
in  recognition  of  the  automat¬ 
ed  patching  service  for  Win¬ 
dows  XP  and  Win¬ 
dows  2000  Service 
Pack  3  and  above. 

Microsoft’s  secu¬ 
rity  training  pro¬ 
gram  for  software 
developers  earned 
the  company  its 
second  award, 
while  its  extensive 
automation  of  its 
software  testing  process 
snagged  the  third  one. 

The  awards  were  based 
on  criteria  and  feedback  from 
security  administrators  at  15 
large  institutions  that  SANS 
works  with  on  a  daily  basis, 
said  Alan  Paller,  director  of  re¬ 
search  at  SANS.  Many  of  those 


who  participated  in  the  deci¬ 
sion  process  were  administra¬ 
tors  working  in  organizations 
with  more  than  10,000  sys¬ 
tems,  Paller  said. 

“The  idea  of  illuminating 
vendors  who  are  doing  things 
that  are  industry-leading 
grew  out  of  a  series  of  meet¬ 
ings  with  users  who  were 
complaining  about  vendors 
making  security  hard  [to 
implement],” 
Paller  said. 

Word  of 
Microsoft’s 
awards  was 
greeted  with 
mixed  feelings. 

“  ‘Microsoft’ 
and  ‘security’  in 
the  same  sen¬ 
tence  is  usually  a 
joke,”  said  Matt  Kesner,  chief 
technology  officer  at  Fenwick 
&  West  LLP,  a  Mountain  View, 
Calif.-based  law  firm.  “I  give 
them  a  lot  of  credit  for  making 
security  a  higher  priority,  but  I 
would  like  to  see  a  lot  better 
fundamental  design  from 
them  before  I  start  handing 


out  any  awards,”  Kesner  said. 

“I  think  Microsoft  has  made 
great  strides  in  security,”  said 
Paul  Schmehl,  adjunct  infor¬ 
mation  security  officer  at  The 
University  of  Texas  at  Dallas. 
“They  are  ahead  of  some  of 
the  Unixes  and  at  least  on  par 
with  some  others,  [but]  they 
still  have  a  long  way  to  go,” 
he  said. 

The  awards  demonstrate 
the  importance  of  looking  at 
factors  other  than  just  total 
bug  count  when  evaluating  a 
vendor’s  security  practices, 
said  Pete  Lindstrom,  an  ana¬ 
lyst  at  Spire  Security  LLC  in 
Malvern,  Pa. 

“Counting  the  number  of 
identified  vulnerabilities 
alone  is  completely  without 
merit,”  Lindstrom  said.  It’s 
also  important  to  gather  infor¬ 
mation  on  factors  such  as  a 
vendor’s  training  practices, 
development  processes  and 
bug  tracking  methods,  he  said. 

“Sometimes,”  Lindstrom 
said,  “Microsoft  gets  a  bum 
rap  just  because  they  are  who 
they  are.”  I 


M ‘Microsoft’ 
and  ‘secu¬ 
rity’  in  the  same 
sentence  is  usu¬ 
ally  a  joke. 

MATT  KESNER,  CTO. 

FENWICK  &  WEST 


zation  for  Internet  Safety  are 
trying  to  propose  standard 
guidelines  for  reporting  and 
responding  to  vulnerability 
information.  And  several  secu¬ 
rity  companies  have  voluntar¬ 
ily  adopted  policies  governing 
the  release  of  vulnerability 
information. 

“The  processes  surrounding 
vulnerability  disclosure  have 
changed  significantly  during 
the  past  few  years  for  the 
community  as  a  whole,”  said 
Thor  Larholm,  a  security  re¬ 
searcher  at  PivX  Solutions 
LLC,  a  network  security  con¬ 
sultancy  in  Newport  Beach, 
Calif.  Instead  of  making  ad 
hoc  disclosures,  PivX  has  a  30- 
day  grace  period  for  vendors 
to  fix  a  problem  before  the 
public  is  made  aware  of  it. 

Questionable  Practices 

Despite  such  progress,  other 
issues  remain,  users  said. 

For  instance,  ISS’s  decision 
to  prenotify  several  govern¬ 
ment  and  military  agencies  of 
the  problem  is  understandable 
given  today’s  heightened  secu¬ 
rity  concerns,  users  said.  But  it 
highlights  a  practice  that  can 
encourage  “information  segre¬ 
gation  and  concealment,”  said 
Paul  Schmehl,  adjunct  infor¬ 
mation  security  officer  at  The 
University  of  Texas  at  Dallas. 

Many  security  organizations 
—  including  the  CERT  Coor¬ 
dination  Center  at  Carnegie 
Mellon  University  in  Pitts¬ 
burgh  and  ISS  —  routinely  sell 
advance  vulnerability  infor¬ 
mation  to  paying  subscribers. 
Strict  nondisclosure  agree¬ 
ments  govern  such  prenotifi¬ 
cations,  said  Dan  Ingevaldson, 
a  security  researcher  at  ISS. 

But  “safe  practice  is  that 
only  the  vendor  should  be  no¬ 
tified  [of  a  flaw]  so  they  can 
test  it  and  create  a  patch.  Only 
then  should  the  information 
be  made  available  to  anyone 
else,”  said  York.  I 


MORE  ONLINE 

A  hacker  site  posted  sendmail  exploit  code 
less  than  24  hours  after  public  disclosure  of 
the  vulnerability: 

QuickLink  a2950 

ISS  also  reported  a  Snort  vulnerability 
last  week: 


O  QuickLink  a2960 

www.computerworld.com 


The  new  HP  ProLiant  DL740 
8-way  with  hot-plug 
RAID  memory. 


The  new  HP  ProLiant  DL760 
G2  8-way  with  hot- plug 
RAID  memory. 


•  Ultradense  4u  modular  chassis 
with  up  to  eight  Intel®  Xeon™  MP 
1.5  GHz  or  2.0  GHz  processors 

■  Up  to  64GB  addressable  memory 

•  Groundbreaking  F8  chipset 

•  6-64  bit/100  MHz  PCI-X  slots 

•  Integrated  Lights-Out  Standard 
(iLO)  for  Remote  Server  Mgmt. 


•  Up  to  eight  Intel®  Xeon™  MP 

1.5  GHz  or  2.0  GHz  processors 

•  Up  to  64GB  addressable  memory 

•  Groundbreaking  F8  chipset 

•  10-64  bit/100  MHz  PCI-X, 

1-64  bit  33  MHz  slots 

•  Remote  Insight  Lights-Out  Edition  II 
(optional)  for  Remote  Server  Mgmt. 


What  challenges  do  you  face  today?  Decreasing  budgets?  The 
lurking  possibility  of  downtime?  It's  hard  enough  to  focus  on 
moving  your  business  forward  when  you're  constantly  looking 
over  your  shoulder  to  see  if  everything  is  up  and  running. 

Besides,  that's  the  job  of  the  new  HP  ProLiant  DL700  series 
running  Intel®  Xeon™  MP  processors.  An  adaptive  infrastructure 
begins  with  these  HP  ProLiant  servers  which  come  equipped 
with  tools  that  predict,  self-diagnose  and  fix  many  fault 
conditions.  And  now  with  hot-plug  RAID  memory  exclusively 
from  HP,  you  can  add  or  replace  DIMMs  without  turning 
your  systems  off.  Both  work  with  the  HP  ProLiant  Essentials 
Foundation  Pack  featuring  Insight  Manager  7software  which 
monitors  and  controls  your  infrastructure  for  maximum  uptime. 

At  the  end  of  the  day,  you'll  have  more  control  over  your 
infrastructure,  help  avoid  unplanned  downtime  and  reduce 
overall  maintenance  costs.  Not  to  mention  freeing  yourself 
up  for  more  important  things. 

To  learn  how  HP  ProLiant  servers  can  be  a 
part  of  maximizing  your  company's  uptime, 
download  CMP's  executive  brief  on  high  availability 
at  www.hp.com/go/proliant85  or  call 
T  -800-282-6672,  option  5,  and  mention  code  YPH. 


invent 


)  2003  Hewlett-Packard  Company.  Intel  and  the  Intel  Xeon  Logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 


10  COMPUTERWORLO  March  10, 2003 


Airlines  Agree  to 
Sell  Worldspan 

Worldspan  LP,  which  runs  a  com¬ 
puterized  reservations  system, 
said  its  airline  owners  have 
agreed  to  sell  it  to  two  investment 
firms.  American  Airlines  Inc., 
Delta  Air  Lines  Inc.  and  North¬ 
west  Airlines  Inc.  will  sell 
Worldspan  to  a  new  company  set 
up  by  Citigroup  Venture  Capital 
Equity  Partners  LP  in  New  York 
and  Teachers’  Merchant  Bank 
in  Toronto. 


Microsoft  Signs  App 
Lease  Services  Deal 

Microsoft  Corp.’s  IT  financing  unit 
announced  a  deal  to  offload  lease 
contract  management  services 
for  users  of  its  business  applica¬ 
tions  to  another  company.  The 
leasing  functions  will  now  be  han¬ 
dled  by  De  Lage  Landen  Financial 
Services  Inc.  in  Wayne,  Pa.  The 
Microsoft  Capital  Corp.  unit  said 
it  will  continue  to  offer  financing 
to  corporate  users  and  to  small  or 
midsize  companies. 


Peregrine  Lowers 
Revenue  by  S509M 

Peregrine  Systems  Inc.  restated 
its  financial  results  for  the  three 
fiscal  years  from  April  1999  to 
March  2002,  chopping  the  rev¬ 
enue  it  had  reported  by  $509  mil¬ 
lion.  That  reduced  the  original 
three-year  total  of  $1.34  billion  by 
38°/o.  Peregrine,  a  San  Diego- 
based  vendor  of  asset  manage¬ 
ment  software,  said  about  $259 
million  was  “reversed  for  nonsub- 
stantiated  transactions." 


Short  Takes 

INTEL  CORP.  this  week  plans  to 
launch  a  new  foray  into  the  note¬ 
book  PC  market  by  announcing 
six  mobile  processors  under  the 
name  Pentium  M _ SUN  MI¬ 

CROSYSTEMS  INC.  said  an  open- 
source  group  that’s  developing 
its  JXTA  peer-to-peer  computing 
software  has  released  an 
upgrade. 
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MARK  HALL  ■  ON  THE  MARK 

Vendors  Scramble  to  Fill 
Web  Services  Hole . . . 

. . .  in  application  management,  which  could  pose  a  serious  problem  to 
companies  rolling  out  Web  services-based  software.  Oded  Noy,  CTO 
at  Path  Communications  Inc.  in  Marina  Del  Rey,  Calif.,  worries  “that 
all  the  coding  errors  we  used  to  catch  at  compile  time,  we’re  now 
going  to  catch  at  runtime  in  Web  services.”  Hewlett-Packard’s  Open- 
View  group  has  addressed  the  issue  by  launching  its  Web  Services 


Management  Organization.  According  to 
its  CTO,  Al  Smith,  the  move  is  both  defen¬ 
sive  and  offensive.  In  the  former  category, 
HP  sees  companies  such  as  Path  poten¬ 
tially  stealing  away  OpenView  business. 
And  Smith  points  to  recent  venture  capi¬ 
tal  investments  in  Web  services  manage¬ 
ment  start-ups  such  as  AmberPoint  Inc. 
in  Oakland,  Calif.,  and  Flamenco  Net¬ 
works  Inc.  in  Alpharetta,  Ga.,  as  proof 
that  this  will  be  a  hot, 
competitive  market.  (Of 
course,  venture  capitalists 
also  showed  their  genius  by 
pouring  millions  into  Pets.- 
com  and  Webvan.)  In  the 
offensive  category,  he 
claims,  “we  can  extend 
the  definition  of  what  is 
management.”  Smith 
thinks  the  lack  of  Web 
services  management 
standards  and  tools  has 
dampened  its  adoption 
rate  among  users.  The 
lack  of  management  stan¬ 
dards  for  Web  services  is 
finally  being  addressed 
(see  story  below),  but  the 
standards  committee  will 
probably  take  a  year  to 
complete  its  first  draft. 


Until  then,  developers  of  Web  services 
will  have  to  do  the  work  themselves  to  man¬ 
age  applications  for  things  such  as  au¬ 
thentication,  performance  and  service- 
level  agreements.  If  they  think  of  them 
at  all.  “Management  is  not  something  de¬ 
velopers  think  of.  It’s  an  afterthought 
when  people  write  apps,”  Smith  laments. 
■  That’s  why  you  don’t  need  a  developer 
to  deploy  the  latest  version  of  the  Path 

Application  Manager,  or 
P.A.M.  3.5,  which  ships 
today.  According  to 
Path’s  Noy,  sysadmins 
can  do  it  after  an  appli¬ 
cation  is  in  production. 
He  claims  P.A.M.  3.5’s 
software  behavior- 
recognition  features 
should  catch  many  man¬ 
agement  problems  in 
Web  services  and  other 
applications.  Among  the 
new  features  in  P.A.M. 

3.5  are  controls  that  can 
identify  time-of-day,  time- 
of-month  and  time-of-year 
fluctuations  in  any  pro¬ 
gram.  ■  Once  those  Web 
services  get  written  and 
widely  deployed  —  man¬ 
aged  or  otherwise  —  few 


people  have  the  slighest  clue  about  how 
they  will  affect  network  performance. 
The  engineers  at  Redline  Networks  Inc. 
in  Campbell,  Calif.,  have  readied  for  de¬ 
livery  this  week  the  E/X  3250  Enterprise 
Accelerator  that  adds  compression,  load 
balancing  and  security  for  Web  servers  and  in¬ 
side  the  firewall.  CEO  Roy  Johnson  argues 
that  some  Web  services-based  applica¬ 
tions  will  require  very  large  data  struc¬ 
tures  or  interaction  among  lots  of  differ¬ 
ent  Web  services,  putting  extra  loads  on 
Web  servers  and  killing  their  perfor¬ 
mance  —  hence  the  3250.  Redline  Vice 
President  of  Engineering  Bill  Crane 
boasts  that  the  3250’s  protocol  scrubbing 
and  Secure  Sockets  Layer  certificates  for 
road  warriors  improves  security  by  protect¬ 
ing  Web  servers  from  buffer  overflows  and 
unauthorized  users.  ■  OpenVMS  users 
cheered  when  HP  said  it  had  an  11-year  life 
plan  for  the  venerable  operating  system.  And 
on  March  18,  they  can  let  loose  a  small 
whoop  for  the  general  availability  of  Ver¬ 
sion  6.2  of  SightLine  OpenVMS  Power 
Agent  from  Fortel  Inc.  in  Fremont,  Calif. 
The  performance  monitoring  and  report¬ 
ing  tool  will  be  able  to  handle  OpenVMS 
clusters  and  distinguish  among  opera¬ 
tional  differences  during  different  work¬ 
ing  hours.  ■  Whatever  your  views  on  the 
looming  war  with  Iraq,  Ivan  Eland,  direc¬ 
tor  of  the  newly  created  Center  for  Peace 
and  Liberty  at  The  Independent  Institute 
think  tank  in  Oakland,  suggests  that  IT 
may  be  at  the  center  of  an  Iraqi  war  strategy 
because  Saddam  Hussein  learned  from 
Vietnam,  Lebanon  and  Somalia  that  “the 
Achilles’  heel  of  the  American  military 
juggernaut  is  U.S.  public  opinion.”  Cyber¬ 
attacks  would  be  a  likely  way  to  under¬ 
mine  wavering  U.S.  support  for  the  war. 
He  adds,  “It  is  difficult  to  say  how  suc¬ 
cessful  the  Iraqis  would  be,  but  they  have 
had  more  than  a  year  of  U.S.  blustering 
to  put  a  plan  into  action.”  So,  take  a  little 
extra  time  this  week  to  secure  your 
systems.  I 


Storage  management  gets  a 
lift  today  from  Astrum  Soft¬ 
ware  Corp.  in  Boston  with  the 
release  of  its  active  storage 
management  product,  Astrum 
1.5.  The  new  version  includes 
support  for  Microsoft  Ex¬ 
change  2000,  Sybase  Inc, 
databases  and  localization  for 
German  and  French  versions  of 
Unix  and  Windows. 

Wind  River  Systems  Inc.  in 

Alameda,  Calif.,  will  announce 
this  week  that  it  has  landed  a 
deal  to  manage  the  data  moni¬ 
toring  of  the  world’s  largest 
offshore  wind  farm  along  the 
coast  of  Denmark. 


Web  Services  Management  Standard  Sought 


BY  MATT  HAMBLEN 

More  than  a  dozen  IT  vendors 
last  week  said  they  plan  to 
work  together  to  develop  a 
standard  way  to  manage  Web 
services  technologies  used  in 
distributed  applications. 

The  list  of  participating 
companies  includes  systems 
vendors,  such  as  IBM,  Hew¬ 
lett-Packard  Co.  and  Sun  Mi¬ 
crosystems  Inc.,  plus  develop¬ 
ers  of  management  tools,  such 
as  BMC  Software  Inc.,  Com¬ 


puter  Associates  International 
Inc.  and  Novell  Inc.,  according 
to  a  statement  by  the  Organi¬ 
zation  for  the  Advancement  of 
Structured  Information  Stan¬ 
dards  (OASIS)  consortium  in 
Billerica,  Mass. 

Microsoft  Corp.  wasn’t  on 
the  list.  A  Microsoft  official 
said  Web  services  manage¬ 
ment  is  an  important  topic  but 
added  that  the  company  has 
decided  not  to  join  the  OASIS 
effort  at  this  point. 


“Simply  put,  management  is 
the  next  major  barrier  to  main¬ 
stream  Web  services  adoption,” 
said  HP  CEO  Carly  Fiorina  dur¬ 
ing  a  speech  at  BEA  Systems 
Inc.’s  eWorld  conference  in  Or¬ 
lando.  Fiorina  also  said  HP  has 
added  Web  services  manage¬ 
ment  tools  to  its  OpenView 
software  and  created  deploy¬ 
ment  and  management  con¬ 
sulting  programs  for  Java-based 
Web  services  applications. 

OASIS  said  the  new  Web 


Services  Distributed  Manage¬ 
ment  (WSDM)  technical  com¬ 
mittee  it’s  setting  up  will  work 
with  other  standards  bodies, 
including  the  World  Wide 
Web  Consortium  and  Distrib¬ 
uted  Management  Task  Force 
Inc.  in  Portland,  Ore. 

Jason  Bloomberg,  an  analyst 
at  ZapThink  LLC  in  Waltham, 
Mass.,  said  the  WSDM  com¬ 
mittee  might  be  able  to  pro¬ 
duce  a  standard  within  a  year. 
Microsoft’s  absence  isn’t  that 
significant  for  now,  since  it 
could  adopt  the  standard  once 
it’s  published,  he  said.  I 


THERE’S  SHALLOW 
INTEGRATION  AND  THERE’S 

DEEP  INTEGRATION. 


MAKE  SURE  YOU 
KNOW  THE  DIFFERENCE 

BEFORE  YOU  DIVE  IN. 

Everybody  seems  to  be  jumping  into  integration  these 
days,  but  it  takes  a  deep  integration  solution  to  deliver 
the  true  benefits  of  a  real-time  business.  That's  what 
TIBCO  Software  delivers  with  The  Power  of  Now.™ 


The  Power  of  Now.  It's  the  transformation  of  your  company 
into  a  real-time  business.  It  unifies  and  optimizes  the  assets 
you  already  have — your  people,  systems  and  processes — to 
coordinate  end-to-end  activities  and  get  information  where 
and  when  it's  needed.  It's  a  business  operating  at  its  peak 
efficiency,  and  generating  immediate  and  measurable  results. 


Real-time  Results.  When  TIBCO  integrated  the  disk  drive  giant 
Seagate  with  its  partners  and  customers,  the  resulting  system 
delivered  superior  customer  service  and  enabled  the  company 
to  bring  its  products  to  market  faster.  And  when  TIBCO  created 
adidas-Salomon's  real-time  supply  chain,  it  resulted  in  faster 
time  to  market  and  higher  revenues  for  the  sporting  goods 
marketer.  That's  The  Power  of  Now. 


Learn  how  our  deep  integration  has  enabled 
real-time  business  for  other  Global  2000 
companies.  Call  800-420-8450,  or  visit  us  at 
www.tibco.com/cwa  to  obtain  your  Executive 
Guide  to  Real-Time  Business,  the  first  step 
toward  the  Power  of  Now. 


■TIBCO 

The  Power  of  Now" 
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SL3  Vo/vo  uses  . NET  connected  software  from  Microsoft  to  be  an  agile 

business.  A  premium  global  brand,  Volvo  Cars  operated  sites  in  dozens  of 
countries.  With  each  country  managing  its  own  site  locally,  their  Web  sites 
were  inconsistent  and  changes  were  difficult  to  implement.  With  plans  to 
localize  volvocars.com  for  more  than  40  markets,  they  turned  to  Microsoft 
Content  Management  Server,  which  let  them  centralize  management  of 
all  their  sites  to  ensure  uniform  branding.  Yet  it  allowed  content  owners 


worldwide  to  quickly  update  their  own  sites  with  local  information  in  their 
own  language.  And  IT  stays  contentedly  on  top  of  it  all. 


■  ?003  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countnes.  The  names  of  actual  companies  and  logos  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


.NET  connected  software  from  Microsoft  helps  you  make  content  management 

more  manageable.  With  every  change  in  your  business  needs  come  demands  for  more  ' /f,r  .  '  , 

Web  sites,  more  content,  and  a  faster  response  from  already  strained  IT  resources.  To 
find  contentment  in  this  setting,  consider  Microsoft1,  Content  Management  Server.  With  V  ;  ^  '  . 

native  support  for  XML,  it  integrates  with  your  existing  and  future  applications  to  create  a 
centralized  infrastructure  for  publishing  content  to  intranet,  extranet,  and  Internet  sites.  -  ,L  .;’v:: 

You  control  site  consistency,  while  empowering  content  owners  to  publish  their  own  pages.  i. 

So,  you  can  be  more  responsive  with  fewer  resources.  And  everyone  is  content. Tp  get  f;  >\ 

a  technical  overview,  visit  microsoft.com/content  ( Software  for  the  Agile  Business/)-; ••  f-  •; : : 


Microsoft' 
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AT&T  Launches  VPN 
Service  Based  on  SSL 

Aventail’s  remote-access  devices  to  be 
used  to  expand  networking  choices 


EMC,  Hitachi  End 
Patent  Dispute 

EMC  Corp.  and  Hitachi  Ltd. 
agreed  to  settle  dueling  patent- 
infringement  claims  related  to 
storage  technology.  Hitachi  will 
make  unspecified  “balancing 
payments”  to  EMC  as  part  of 
a  patent  cross-licensing  deal, 
the  companies  said.  They  also 
agreed  on  a  framework  for  ex¬ 
changing  application  program¬ 
ming  interfaces  (API),  and  EMC 
announced  a  similar  API  deal 
with  Veritas  Software  Corp.  in 
Mountain  View,  Calif. 


3Com  Sells  Off 
Carrier  Products 

3Com  Corp.  announced  a  deal  to 
sell  the  key  assets  of  its  Comm- 
Works  business  unit  to  UTStar- 
com  Inc.  in  Alameda,  Calif.,  for 
$100  million  in  cash.  Comm- 
Works  makes  IP-based  network¬ 
ing  equipment  for  telecommuni¬ 
cations  carriers.  Santa  Clara, 
Calif.-based  3Com  said  it  will  re¬ 
tain  a  license  to  the  technology. 


Palm  Says  Sales 
Will  Miss  Target 

Blaming  weak  sales  of  its  hand¬ 
held  devices  to  corporate  users, 
Palm  Inc.  warned  that  it  will 
report  lower-than-expected 
revenue  for  its  third  quarter, 
which  ended  Feb.  28.  Milpitas, 
Calif.-based  Palm  said  revenue 
will  total  about  $210  million, 
falling  short  of  its  $230  million 
to  $250  million  prediction.  Ana¬ 
lysts  recently  said  the  corporate 
market  for  handhelds  has  stag¬ 
nated  [QuickLink  36045]. 


Short  Takes 

IBM  recalled  about  56,000  PC 
monitors  sold  in  1997  and  1998 
because  of  a  faulty  component 
that  could  overheat. . . .  San 
Francisco-based  MACROMEDIA 
INC.  warned  of  a  security  flaw  in 
Version  6  of  its  Flash  Player  soft¬ 
ware  and  urged  users  to  install 
an  updated  release. 


BY  MATT  HAMBLEN 

t&t  corp.  today 
plans  to  join  forces 
with  Aventail  Corp. 
by  announcing  a 
deal  to  resell  that  company’s 
new  Secure  Sockets  Layer 
(SSL)  remote-access 
devices  as  part  of  a 
managed  virtual  pri¬ 
vate  network  (VPN) 
service. 

AT&T  said  it  will  charge 
customers  a  monthly  fee  for 
the  SSL  VPN  service  and  put 
the  tab  on  one  bill  along  with 
its  other  network  services  and 
connection  costs.  Seattle- 
based  Aventail  will  install  and 
service  its  rack-mountable 
EX-1500  appliance,  which  is 
designed  to  eliminate  the 


Security  appliance 
controls  end-user 
access  to  networks 

BY  MATT  HAMBLEN 

Funk  Software  Inc.  and  Net¬ 
work  Engines  Inc.  today  will 
release  a  jointly  developed  se¬ 
curity  appliance  for  authenti¬ 
cating  remote  users  connect¬ 
ing  to  corporate  WANs  as  well 
as  users  on  wireless  LANs. 

Canton,  Mass.-based  Net¬ 
work  Engines  built  and  will 
distribute  the  hardware,  which 
runs  remote  end-user  authen¬ 
tication  and  authorization 
software  developed  by  Cam¬ 
bridge,  Mass.-based  Funk. 

The  combined  product  is  a 
rack-mountable  device  that 
runs  under  Windows  2000 
Professional,  according  to  the 
two  companies,  which  an¬ 
nounced  plans  to  collaborate 


need  for  end  users  to  install 
remote-access  client  software 
on  laptop  PCs  and  other  mo¬ 
bile  computing  devices. 

The  reseller  agreement 
made  sense  partly  because  the 
two  companies  share  many 
global  customer  ac¬ 
counts,  said  John  Sul¬ 
livan,  extranet  prod¬ 
uct  manager  at  AT&T. 
Sullivan  wouldn’t  di¬ 
vulge  the  pricing  for  the  new 
VPN  service,  which  is  due  to 
be  rolled  out  as  early  as  next 
month.  Aventail  set  a  starting 
price  of  $20,000  on  the  EX- 
1500  when  the  SSL-based  ap¬ 
pliance  was  announced  in 
January  [QuickLink  35527]. 

Aventail  currently  offers  its 
own  SSL  VPN  managed  ser- 


on  the  appliance  in  January. 

Size  and  ease  of  deployment 
were  the  reasons  Care  New 
England  Health  System  in 
Providence,  R.I.,  deployed  an 
early  version  of  the  appliance 
last  month,  said  Larry  Pesce,  a 
LAN/WAN  specialist  at  the 
health  care  company. 

Thus  far,  about  two  dozen 
end  users  have  used  the  appli¬ 
ance  for  network  authentica¬ 
tion  over  dial-up  laptop  con¬ 
nections  or  to  gain  access  to 
Care  New  England’s  802.11 
WLANs,  Pesce  said.  Within 
weeks,  the  use  of  the  device 
will  be  scaled  up  to  handle 
about  1,000  medical  personnel 
at  three  major  facilities  and 
other  locations  throughout 
Rhode  Island,  he  added. 

The  appliance  not  only  pro¬ 
vides  authentication  services 
but  also  manages  the  configu¬ 
ration  process,  Pesce  said.  It 


vice  and  will  continue  to  do 
so.  But  Sullivan  said  the  sales 
forces  of  both  companies  will 
be  able  to  sell  AT&T’s  version 
of  the  managed  service,  with 
AT&T  acting  as  the  first  point 
of  contact  for  users. 

Weighing  Options 

New  York-based  Deloitte  Con¬ 
sulting  has  used  Aventail’s  SSL 
VPN  service  for  the  past  two 
years  to  manage  remote  access 
to  corporate  data  and  e-mail 
systems  for  15,000  workers 
worldwide,  said  CIO  Larry 
Quinlan.  Currently,  the  con¬ 
sulting  firm  relies  mainly  on 
WorldCom  Inc.  to  provide  re- 
mote-access  network  services. 

The  WorldCom  deal,  valued 
in  the  millions  of  dollars  annu¬ 
ally,  will  be  re-evaluated  with¬ 
in  the  next  12  months,  Quinlan 
said.  Deloitte  officials  “would 
like  more  integration  between 


would  have  taken  several  days 
or  weeks  to  buy  server  hard¬ 
ware  and  configure  it,  taking 
up  valuable  time  for  Care  New 
England’s  IT  staff,  he  noted. 
But  the  new  appliance  “just 


TECHNOLOGY  DETAILS 

S  B(  -Belted 
Radiui  Appliance 

$7,500, 
available  now 

Version  4.0  of 
Funk’s  Steel-Belted  Radius/ 
Enterprise  Edition  software 

Network  Engines’ 
1U  (1.75-in.)  rack-m  intable 
device,  running  an  8  6-MHz 
Intel  Pentium  III  processor 

Microsoft  Windows  2000 
Professional 


Vendors  Team  Up  to  Develop 
Remote-Authentication  Device 


remote-access  lines  and  the 
VPN,”  he  said.  But  if  they  con¬ 
sidered  the  joint  AT&T/Aven- 
tail  offering,  “we  would  insist 
on  some  cost  savings”  com¬ 
pared  with  buying  separate 
services,  Quinlan  added. 

AT&T  is  already  the  market 
leader  in  providing  VPN  ser¬ 
vices  that  support  the  IPsec 
security  protocol,  according  to 
Framingham,  Mass.-based 
IDC.  Unlike  SSL,  IPsec  re¬ 
quires  the  loading  of  client 
software  on  end-user  devices. 

Sullivan  said  AT&T  will 
continue  to  support  IPsec  in 
addition  to  offering  the  new 
SSL  VPN  service.  There’s 
“very  little  overlap”  between 
the  users  of  the  two  technolo¬ 
gies,  he  said. 

Although  SSL  VPNs  are 
increasing  in  popularity 
among  corporate  users,  the 
demand  for  IPsec  VPN  ser¬ 
vices  should  continue  to  show 
some  growth  in  installations 
because  that  protocol  offers 
stronger  security  algorithms 
than  SSL  does,  said  John 
Girard,  an  analyst  at  Gartner 
Inc.  in  Stamford,  Conn.  I 


worked  out  of  the  box,  no 
headaches  at  all,”  he  said. 

The  company  bought  and 
installed  two  of  the  appliances 
for  about  $30,000,  which  was 
10%  less  than  regular  server 
hardware  would  have  cost,  ac¬ 
cording  to  Pesce.  The  appli¬ 
ance  also  takes  up  very  little 
space  in  Care  New  England’s 
cramped  data  center,  he  said. 

Funk  competes  with  major 
vendors  such  as  Cisco  Sys¬ 
tems  Inc.  and  Microsoft  Corp., 
which  also  sell  authentication 
tools  that  support  the  Internet 
Engineering  Task  Force’s  Re¬ 
mote  Authentication  Dial-In 
User  Service  (RADIUS)  proto¬ 
col.  “But  Funk  often  gets  in  the 
door  for  ease  of  use,”  said  John 
Girard,  an  analyst  at  Gartner 
Inc.  in  Stamford,  Conn. 

The  market  for  RADIUS- 
based  remote  authentication 
products  and  services  is  ex¬ 
panding,  Girard  said,  adding 
that  appliances  combining 
hardware  with  software  are 
fashionable  now,  partly  be¬ 
cause  they  provide  all-in-one 
capabilities  to  users.  I 
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BEA  Tool 

strict  some  of  the  code  they 
write  to  BEA’s  runtime  engine. 

Craig  Mapes,  vice  president 
of  information  systems  and 
services  at  The  Huntington 
National  Bank  in  Columbus, 
Ohio,  said  his  company  will 
have  to  take  a  “deep  dive”  to 
see  how  much  of  the  Web- 
Logic  Workshop  tool  relies  on 
nonstandard  Java. 

“Is  it  the  silver  bullet,  or  is  it 
going  to  lock  us  into  some¬ 
thing  less  open?”  he  said.  “We 
don’t  want  to  be  locked  into 
anything  proprietary.  We’ve 
been  down  that  path  before.” 

For  many  users,  one  of  the 
most  appealing  aspects  of 
working  in  Java  has  been  its 
promise  to  run  on  any  operat¬ 
ing  system  or  application  serv¬ 
er,  so  long  as  the  code  con¬ 


forms  to  standards  vetted 
through  the  Java  Community 
Process  (JCP)  established  by 
the  language’s  creator,  Sun  Mi¬ 
crosystems  Inc. 

“Portability  is  the  whole 
thing  about  Java  to  me.  If  we 
want  vendor  lock-in,  we  can 
go  with  Microsoft,”  said  Marc 
Cox,  a  systems  analyst  at  New 
York-based  Teachers  Insur¬ 
ance  and  Annuity  Association 
-  College  Retirement  Equities 
Fund. 

The  Need  for  Ease 

But  as  a  result  of  Java’s  grow¬ 
ing  maturity  and  acceptance, 
IT  shops  with  less  skilled  de¬ 
velopers  are  taking  up  the 
technology,  and  that  makes 
the  need  for  better  tools  more 
critical.  Also,  the  knock  that 
Java  is  too  complicated  has 
become  a  pressing  concern 
for  vendors  that  now  must 
compete  against  Microsoft’s 


Nonstandard  Java  Technologies  in 
BEA’s  WebLogic  Workshop  Tool 


TECHNOLOGY 

DESCRIPTION  STATUS 

Java  Page  Flow 

New  file  format  that  contains  To  be  submitted  to 

the  business  logic,  state  and  Java  Community 

navigation  flow  of  a  Web  appli-  Process, 

cation;  built  upon  a  Struts- 
based  Web  application  pro¬ 
gramming  model 

Web  Services 
Metadata  for  the 
Java  Platform 

Defines  an  annotated  Java  for-  JSR  181 .  Work  in 

mat  that  uses  Java  Language  progress.  Expert 

Metadata  (JSR  175)  to  enable  group  formed  last 
easy  definition  of  Java  Web  ser-  April. 
vicesinaJ2EE  container. 

Process  Defin¬ 
ition  for  Java 

Defines  an  annotated  Java  syn-  JSR  207.  Vote  on 
tax  and  APIs  for  programming  acceptance  of 

business  processes  in  Java.  JSR  due  March  17. 

Metadata 

Facility  for  the 

Java  Program¬ 
ming  Language 

Allows  classes,  interfaces,  fields  JSR  175.  Work  in 
and  methods  to  be  marked  as  progress.  Expert 

having  particular  attributes.  group  formed  last 

April. 

Content 

Repository 
for  Java 

Specifies  a  standard  API  to  ac-  JSR  170.  Expert 
cess  content  repositories  in  group  formed  last 

Java  2  independently  of  imple-  month, 
mentation. 

Portlet 

Specification 

Defines  a  set  of  APIs  for  portal  JSR  168.  Expert 

computing  addressing  the  areas  group  formed  last 
of  aggregation,  personalization,  month, 
presentation  and  security. 

Java  Rule 

Engine  API 

Defines  a  Java  runtime  API  JSR  94.  Public 

for  rule  engines.  review  period 

recently  closed. 

NOTE:  A  Java  Specification  Request  (JSR)  is  the  actual  description  of  a  proposed  and  final  specification 
for  the  Java  platform  under  the  Java  Community  Process  created  by  Sun  Microsystems  Inc.  to  evolve 

the  technology.  SOURCES:  BEA.  JAVA  COMMUNITY  PROCESS 


BEA  Executives  Provide  Glimpse 

Into  Company’s  Direction 


year-old  .Net  technology. 

“We,  like  our  primary  com¬ 
petitors,  all  have  to  introduce 
innovations  to  make  the  prod¬ 
ucts  easier  to  use,”  said  Scott 
Dietzen,  chief  technology  offi¬ 
cer  at  San  Jose-based  BEA. 
“And  some  of  those  are  in  our 
classes.” 

Dietzen  said  BEA’s  key  APIs 
—  such  as  Web  Services  Meta¬ 
data  and  a  Java  Rule  Engine  — 
are  already  moving  through 
the  Java’s  standards  body.  Oth¬ 
ers,  such  as  Java  Page  Flow 
and  Process  Definition  for 
Java,  are  pending.  And  some 
minor  proprietary  pieces  may 
never  make  it  to  the  JCP,  he 
added. 

“We  take  the  most  critical 
interfaces  and  get  them  into 
the  standards  process  because 
that’s  where  the  investment 
protection  is  most  needed,” 
said  Dietzen.  “Putting  100%  of 
our  APIs  into  the  Java  stan¬ 
dards  process  is  too  expensive. 
It  would  cost  a  huge  amount  of 
money,  and  the  net  return  to 
customers  is  very  small.” 

So  BEA  is  instead  striving  to 
give  customers  “90-plus  per¬ 
cent”  investment  protection, 
Dietzen  said.  Customers  may 
have  to  do  “a  little  bit  of  re¬ 
work”  to  port  code  to  another 
Java  container,  but  that’s  “dra¬ 
matically  better”  than  any  op¬ 
tion  they  ever  had,  he  said. 

However,  Mark  Driver,  an 
analyst  at  Gartner  Inc., 
claimed  that  there  is  “so  much 
proprietary  plumb¬ 
ing  inside  of  Work¬ 
shop  that  there’s  no 
practical  way  to 
port  the  code  to  an¬ 
other  vendor’s 
products.” 

Driver  said  Gartner  is  advis¬ 
ing  BEA  customers  to  limit  the 
use  of  Workshop  to  tactical 
projects  where  a  return  on  in¬ 
vestment  can  be  realized  with¬ 
in  two  years,  since  the  tool 
will  likely  change. 

He  didn’t  fault  BEA’s  ap¬ 
proach,  and  he  praised  the 
company’s  efforts  to  standard¬ 
ize  its  technology.  “Any  ven¬ 
dor  who  wants  to  innovate  is 
going  to  have  to  become  more 
proprietary,  at  least  for  a  peri¬ 
od  of  time  until  the  standards 
catch  up,”  Driver  said. 

But  as  several  users  pointed 


BEA  Systems  will  focus  on  se¬ 
curity,  application-level  man¬ 
agement  and  process-oriented 
programming  in  future  product 
releases,  company  executives 
said  last  week. 

Alfred  Chuang,  CEO  of  the 
San  Jose-based  software  mak¬ 
er,  told  Computerworld that  his 
company  is  building  a  security 
server.  He  said  it  will  be  sold  as 
a  separate  product  that  can  be 
hooked  to  non-BEA  products. 

“If  you’re  not  even  a  Web- 
Logic  shop  -  maybe  you’re  a 
mainframe  shop  -  you’ll  find  it 
useful,”  Chuang  pledged.  He 
said  he’s  not  sure  when  the 
product  will  be  ready  for  gener¬ 
al  release. 

BEA  in  February  acquired 
CrossLogix  Inc.,  a  privately  held 
Redwood  Shores,  Calif. -based 


out,  there’s  no  guarantee  that 
all  of  the  technology  will  be¬ 
come  a  standard.  And  even  if 
it  does,  there’s  no  guarantee 
that  it  will  be  adopted  by  oth¬ 
er  vendors,  such  as  IBM. 

Robert  Moffett,  systems  ar¬ 
chitect  lead  at  United  Parcel 
Service  Inc.’s  airlines  division 
in  Louisville,  Ky.,  is  evaluating 
BEA’s  WebLogic  application 
server,  integration  product 
and  workflow  capabilities 
against  similar 
products  from  BEA 
rival  IBM. 

Moffett  said  he 
likes  the  concept  of 
the  Workshop  tool, 
which  works 
across  all  BEA  products.  But 
he  said  he  has  concerns  about 
being  restricted  to  running 
code  written  with  Workshop 
on  only  BEA  products,  espe¬ 
cially  since  UPS  has  standard¬ 
ized  on  IBM’s  WebSphere  por¬ 
tal  software. 

“Everyone’s  going  to  have  to 
take  a  hard  look  at  how  [Web¬ 
Logic  Workshop]  aligns  with 
your  architectural  goals.  It’s  a 
very  conscious  decision  you 
need  to  understand  that  you’re 
taking,”  said  a  Web  develop¬ 
ment  manager  for  a  medical 
distributor  who  asked  not  to 


maker  of  enterprise  authoriza¬ 
tion  products.  The  CrossLogix 
technology  will  be  part  of 
BEA’s  ongoing  security  work, 
according  to  Rick  Jackson, 
vice  president  of  enterprise 
product  marketing  at  BEA. 

BEA  will  release  an  en¬ 
hanced  security  framework  that 
spans  the  products  in  its  up¬ 
coming  WebLogic  Platform  8.1 
-  which  include  the  application, 
portal  and  integration  servers. 
The  application  server  is  due 
this  spring,  with  the  full  plat¬ 
form  to  follow  this  summer. 

-  Carol  Sliwa 
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be  identified.  He  added  that 
he  still  finds  the  tool  “com¬ 
pelling.” 

James  Kline,  a  project  man¬ 
ager  at  The  ServiceMaster  Co. 
in  Downers  Grove,  Ill.,  said  he 
expects  that  most  of  his  com¬ 
pany’s  new  development  will 
be  on  WebLogic,  so  portability 
isn’t  a  huge  concern. 

David  Gallaher,  director  of 
IT  development  for  Jefferson 
County,  Colo.,  said  he  needs 
the  tool,  which  ships  this  sum¬ 
mer,  “to  salvage  all  my  old 
Cobol  programmers  and  get 
them  doing  something  pro¬ 
ductive  in  J2EE  [Java  2  Enter¬ 
prise  Edition]  without  having 
to  go  over  that  really  steep 
learning  curve.” 

Gallaher  said  that  if  porting 
is  ever  needed,  he  can  grab  the 
code  created  with  the  tool, 
copy  it  and  put  it  anywhere  he 
wants.  “It’s  still  Java  behind 
the  scenes,”  he  said.  Gallaher 
added  that  he  doesn’t  expect 
to  make  calls  to  many  propri¬ 
etary  class  libraries. 

“Would  I  prefer  that  the  tool 
was  absolutely  open?  Abso¬ 
lutely.  Can  I  live  with  it  this 
way?  Yeah,”  Gallaher  said.  “I 
mean,  what’s  my  alternative? 

|  Do  it  in  Microsoft,  where  they 
I  control  everything?”  I 
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Inventory  Costing  Systems  Pose  Real-Time  Data  Challenges 

when  it  comes  to  using  real-time 
information  to  react  to  changing 
market  conditions,  Rio  said.  To 
combat  such  problems,  an 
emerging  class  of  applications  is 
able  to  accommodate  real-time 
changes  in  costing  data,  he  said. 

Nevertheless,  companies  will 
likely  have  to  also  retain  their 
legacy  accounting  systems  in  or¬ 
der  to  meet  the  U.S.  Securities 
and  Exchange  Commission's  fi¬ 
nancial  reporting  requirements, 
Rio  added. 

-  Thomas  Hoffman 


Utility  Turns  to  EAI  Tools 
To  Revamp  Supply  Chain 


Another  problem  hampering  IT 
managers  who  are  trying  to 
make  data  available  to  business 
executives  on  a  real-time  basis 
is  their  companies’  reliance  on 
legacy  accounting  systems  that 
are  centered  on  so-called  stan¬ 
dard  costing  metrics. 

Standard  costing  is  an  ac¬ 
counting  technique  that’s  widely 
used  by  manufacturers  to  predict 
the  cost  of  product  inventories 
for  a  full  year  based  on  the 
prices  that  are  in  place  at  the 
end  of  the  previous  year. 


But  applications  that  support 
the  technique  have  limits,  said 
Ralph  Rio,  an  analyst  at  ARC  Ad¬ 
visory  Group  Inc.  in  Dedham, 
Mass.  For  example,  disk  drives 
sold  by  a  vendor  may  fetch  $500 
each  at  the  end  of  one  year  -  a 
price  that  will  be  built  into  the 
standard  costing  models  in  its 
accounting  system.  But  if  market 
conditions  change  and  prices 
have  to  be  cut  sharply,  the  new 
information  typically  won’t  be  re¬ 
flected  in  the  costing  models. 

That  can  be  “a  major  problem” 


Continued  from  page  1 

Real-Time  Data 

system  that  would  provide 
more  rapid  access  to  data,  but 
it  has  yet  to  make  any  technol¬ 
ogy  choices. 

Top-level  corporate  execu¬ 
tives  increasingly  want  to  keep 
a  close  watch  on  key  business- 
performance  indicators  so  they 
can  take  fast  action  when  nec¬ 
essary,  said  Sateesh  Lele,  chair¬ 
man  of  Global  Data  Systems 
USA,  a  San  Jose-based  IT  ser¬ 
vices  firm.  “In  order  to  do  that, 
they  need  to  have  summarized, 
synthesized,  real-time  informa¬ 
tion,”  Lele  said. 

For  example,  if 
there’s  a  drought 
in  the  Northeast, 
the  use  of  real¬ 
time  information 
to  gauge  demand 
for  umbrellas 
could  help  execu¬ 
tives  at  an  um¬ 
brella  maker  do 
“dynamic  pricing”  in  an  at¬ 
tempt  to  boost  sales,  said 
Steve  Andriole,  a  consultant  at 
Cutter  Consortium  in  Arling¬ 
ton,  Mass.,  and  a  professor  of 
IT  management  at  Villanova 
University  in  Pennsylvania. 

There  are  combinations  of 
technologies  that  can  help  put 
business  performance  infor¬ 
mation  in  the  hands  of  senior 
management  more  quickly,  in¬ 
cluding  middleware,  business 
process  integration  tools,  Web 
services  applications  and  data 
mining  tools.  But  they  go  only 
so  far  in  speeding  up  the  de¬ 
livery  of  data,  according  to  an¬ 
alysts.  For  instance,  informa¬ 
tion  stored  in  decision-sup- 
port  data  marts  is  often  up  to  a 
month  old,  Lele  said. 


In  addition,  many  compa¬ 
nies  have  rolled  out  enterprise 
resource  planning  systems 
that  are  tied  to  legacy  applica¬ 
tions  populated  with  outdated 
information.  “You  still  haven’t 
solved  your  real-time  prob¬ 
lem,”  said  Andriole,  a  former 
chief  technology  officer  at 
Cigna  Corp.  in  Philadelphia. 

Some  companies  have  made 
big  strides  toward  achieving 
real-time  data  availability.  At¬ 
lanta-based  Delta  Air  Lines 
Inc.,  which  has  invested  $1.5 
billion  in  its  IT  infrastructure 
since  1998,  has  integrated  its 
systems  so  tightly  that  there’s 
just  a  one-second  latency  in 
exchanging  data 
between  some  of 
its  business  units, 
said  CIO  Curtis 
Robb  during  a 
session  at  the 
Premier  100  con¬ 
ference. 

Still,  some  of 
the  challenges 
facing  IT  man¬ 
agers  who  are  trying  to  install 
real-time  data  access  capabili¬ 
ties  extend  beyond  technology 
to  issues  such  as  the  quality 
and  timeliness  of  information. 
For  instance,  Chris  McMahan, 
CIO  at  Wireless  Retail  Inc.,  a 
Scottsdale,  Ariz.-based  provid¬ 
er  of  wireless  products  and 
services  to  retailers,  said  a 
salesman  might  report  that  he 
sold  10  wireless  devices  in  a 
week  when,  in  fact,  he  sold 
eight  and  has  two  orders  in  the 
pipeline. 

“Every  company  I  know  of 
has  to  deal  with  the  fudge  fac¬ 
tor,”  Andriole  said.  “Some 
cynics  say  that  real-time  re¬ 
porting  is  terrible  because  it 
gives  you  the  ability  to  make 
wrong  decisions  faster.”  I 


Integration  software 
to  support  real-time 
data  exchanges 

BY  THOMAS  HOFFMAN 

Southern  Co.,  a  $10.55  billion 
utility  and  energy  services 
firm  in  Atlanta,  is  in  the  early 
stages  of  a  multiyear  enter¬ 
prise  application  integration 
(EAI)  effort  aimed  at  bolster¬ 
ing  revenue  and  lowering 
costs  throughout  its  extensive 
supply  chain  operations. 

As  part  of  a  project  that  be¬ 
gan  last  year  and  is  due  to 
continue  through  2006,  South¬ 
ern  is  pushing  to  add  real-time 
energy  trading  capabilities 
and  optimize  all  of  its  key  sup¬ 
ply  chain  functions,  including 
warehousing  and  inventory 
and  freight  management. 

To  support  the  effort,  South¬ 
ern  late  last  year  installed 
business  process  integration 
software  developed  by  Sunny¬ 
vale,  Calif. -based  Vitria  Tech¬ 
nology  Inc.  The  details  of  the 
rollout  will  be  announced  this 
week.  Southern  plans  to  use 
Vitria’s  BusinessWare  tools  to 
provide  real-time  exchanges 
of  purchasing  data  between  its 
systems  and  those  of  its  busi¬ 
ness  partners  through  an  ener¬ 
gy  trading  network  operated 
by  Pantellos  Group  LP  in  The 


Woodlands,  Texas. 

“We’re  trying  to  manage  the 
sourcing  process  from  the  raw 
materials  phase  all  the  way  to 
the  disposal  of  any  assets  that 
we’ve  acquired,”  said  Jacki 
Lowe,  vice  president  of  supply 
chain  management  at  South¬ 
ern,  which  is  also  using  rival 
message-queuing  middleware 
tools  from  IBM  and  Microsoft 
Corp.  as  part  of  the  project. 

Lowe  said  the  EAI  initiative 
is  aimed  at  providing  South¬ 
ern’s  business  executives  with 
greater  visibility  into  all  of  its 
supply  chain  operations.  The 
project  should  also  simplify 
some  IT  functions,  she  added. 

For  instance,  Southern’s  ac- 


AT  A  GLANCE 


Southern’s  Supply 
Chain  Push 

COMPANY  FACTS:  Sells  elec¬ 
tricity  and  natural  gas  to  4  million 
customers  in  the  Southeast;  had 
revenue  of  S10.55B  last  year 

BUSINESS  CHALLENGE:  Im¬ 
proving  its  supply  chain  by  lower¬ 
ing  costs  and  providing  better  re¬ 
liability  to  customers 

IT  STRATEGY:  Embarked  on  a 
multiyear  EAI  effort  that  includes 
the  use  of  Vitria’s  business  proc¬ 
ess  integration  tools  and  middle¬ 
ware  from  IBM  and  Microsoft 


counting  materials  and  pro¬ 
curement  system  links  to  75 
different  work-order  and 
accounting  applications 
throughout  the  company.  In 
turn,  many  of  those  systems 
are  tied  to  applications  at 
Southern’s  suppliers  and  other 
business  partners. 

But  anytime  a  change  is 
made  to  one  work-order  sys¬ 
tem,  follow-on  changes  have  to 
be  made  to  the  accounting  sys¬ 
tems  to  which  it’s  connected, 
Lowe  said.  The  use  of  Busi¬ 
nessWare  should  help  mini¬ 
mize  the  changes  “and  reduce 
some  of  our  support  costs  for 
those  systems,”  she  said. 

Lowe  declined  to  disclose 
how  much  Southern  is  invest¬ 
ing  in  the  EAI  project,  nor 
would  she  estimate  the  size  of 
the  payback  and  efficiency  im¬ 
provements  that  the  company 
expects  to  gain. 

Zarko  Sumic,  a  Bellevue, 
Wash.-based  analyst  at  Meta 
Group  Inc.,  said  a  growing 
number  of  energy  companies 
with  extensive  transmission 
and  distribution  businesses 
are  beginning  to  understand 
the  potential  for  using  EAI 
technology  to  help  make  their 
operations  more  efficient. 

Once  BusinessWare  is  fully 
operational,  Southern  next 
quarter  plans  to  begin  devel¬ 
oping  interfaces  to  systems  at 
some  of  its  energy  trading 
partners,  Lowe  said.  The  com¬ 
pany  expects  to  start  process¬ 
ing  transactions  through  the 
interfaces  in  June,  she  added.  I 


Howto  Manage  Real-Time  Data 


k  Don’t  try  to  transform  all  operational  data  into  real-time  information. 

Instead,  focus  on  areas  where  timeliness  matters  most,  such  as  sales  and  in¬ 
ventory  data. 

Be  careful  that  you're  not  just  delivering  old  or  outdated  information 

more  efficiently  to  your  CEO  and  other  business  executives. 

Don’t  rely  too  heavily  on  technologies  such  as  EAI  and  Web  services 

as  agents  of  change.  Cultural  and  business  process  issues  are  just  as  im¬ 
portant.  if  not  more  so. 

c»i?.ke  sure  that  there’s  a  business  case  for  real-time  reporting 

Initiatives  and  that  business  leaders  take  ownership  of  them. 


H  Every 
company 
I  know  of  has  to 
deal  with  the 
fudge  factor. 

STEVE  ANDRIOLE, CONSUL 
TANT,  CUTTER  CONSORTIUM 
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Congress  Takes  Notice 

The  legal  battle  is  getting  con¬ 
gressional  attention  because 
of  Lexmark’s  attempt  to  pro¬ 
tect  its  toner  cartridges  by 
citing  the  Digital  Millennium 
Copyright  Act  (DMCA),  a  1998 
law  aimed  at  stopping  music 
and  movie  piracy. 

In  an  interview,  Rep.  Rick 
Boucher  (D-Va.)  said  the  case 
illustrates  the  law’s  shortcom¬ 
ings  and  charged  Lexmark 
with  using  the  DMCA  to 
“thwart  competition”  —  a 
charge  that  Lexmark  denied. 

One  of  Lexmark’s  key  com¬ 
plaints  is  that  SCC,  in  repro¬ 
ducing  the  printer  chips,  vio¬ 
lated  the  DMCA  by  circum¬ 
venting  “secret  handshake” 
authentication  software  built 
into  the  devices  by  Lexmark. 

But  DMCA  critics  contend 
that  such  authentication  pro¬ 
tections  could  be  applied  to  a 
range  of  software  and  hard¬ 
ware  products.  In  January, 
Boucher  reintroduced  legisla¬ 
tion  that  aims  to  change  the 


10,000,000 


ten  million  users  across 
7,ooo  customers  globally 


companies  that  remanufacture 
toner  cartridges  out  of  the 
market.  To  buttress  that  claim, 
SCC  argued  that  about  35%  of 
the  toner  cartridges  sold  for 
use  with  Hewlett-Packard 
Co.’s  printers  are  remanufac¬ 


tured,  compared  with  about 
14%  for  Lexmark’s. 

Roger  Rydell,  a  Lexmark 
spokesman,  said  the  company 
“provides  more  choice  in  car¬ 
tridges  for  laser  printers”  than 
any  of  its  rivals.  I 


Antitrust  Suit  Widens  Cartridge  Battle 


Lexmark’s  use  of  the  DMCA. 

In  its  suit,  SCC  claims  that 
Lexmark’s  alleged  anticompet¬ 
itive  practices  are  squeezing 


BY  PATRICK  THIBODEAU 

A  North  Carolina  company 
that  remanufactures  toner  car¬ 
tridges  has  filed  an  antitrust 
lawsuit  against  printer  maker 
Lexmark  International  Inc., 
broadening  a  legal  fight  that 
could  affect  the  availability  of 
low-cost  cartridges. 

Sanford,  N.C.-based  Static 
Control  Components  Inc. 
(SCC)  claims  that  Lexmark  is 
trying  to  monopolize  the  car¬ 
tridge  market.  SCC’s  allega¬ 
tion  comes  after  Lexington, 

Ky. -based  Lexmark  filed  a  suit 
in  December  charging  that  the 
remanufacturer  illegally 
copied  some  of  the  chips  used 
to  mate  cartridges  to  Lex¬ 
mark’s  printers  [QuickLink 
36030]. 

Lexmark  won  the  first 
round  in  a  Feb.  28  ruling  by  a 
U.S.  District  Court  judge  in 
Kentucky.  The  judge  issued  a 
preliminary  injunction  that 
bars  SCC  from  making  the 
chips  used  in  replacement  car¬ 
tridges  for  two  of  Lexmark’s 
laser  printers.  SCC  filed  its 
antitrust  claim  that  same  day 
in  Greensboro,  N.C. 


DMCA’s  circumvention  re¬ 
strictions,  and  last  week  he 
sent  a  letter  to  House  mem¬ 
bers  citing  his  concerns  about 


Strength  in  Numbers. 


95%  of  surveyed 
customers  would 


recommend 

Remedy 


REMEDY’ 

SERVICE  MANAGEMENT  SOLUTIONS 


alliance  partners 
who  extend  Remedy’s 
solutions  globally 


1st  to  be  certified  as 
ITIL-compatible 
by  PinkVerify'" 


13,500 


over  13,500  trained 
developers  globally 


Remedy  is  the  leader  in  Service  Management  solutions.  Our  numbers  speak  for  themselves. 

Yet,  there  are  other  numbers  important  to  Remedy.  Operating  cost  reductions,  improvements  in  customer 
satisfaction,  increased  employee  productivity,  shorter  time  to  value — the  bottom-line  numbers  you  will  achieve 
by  using  Remedy’s  out-of-box  best  practice  applications  to  automate  service  management  processes. 

Your  success  depends  on  those  numbers.  Remedy  delivers  them. 


www.remedy.com/strength 

or  call  us  crt  1.888.294.5757 


Remedy* 

a  3MC  Software  company  " 
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Deli’s  Storage  Chief  Pushes  for  Fast  Growth 


BY  DON  TENNANT 

SCOTTSDALE.  ARIZ. 


As  the  executive  in  charge  of  Dell  Com¬ 
puter  Corp.’s  storage  unit,  Russ  Holt 


manages  what  he  calls  an  “emerging” 
business  that  already  produces  revenue 
of  $1  billion  per  year.  At  a  recent  confer¬ 
ence  held  here  by  Cambridge,  Mass.- 


V2X  Shared  Virtual  Array™  Subsystem 

The  only  disk  system  that  lets  you  use  100%  of  its  capacity,  so  you  can  consolidate 
your  data  and  save  on  your  budget.  Used  with  SnapVantage™  software,  you  can  easily 
consolidate  Linux  servers  and  centralize  system  management. 


L5500  Automated  Tape  Library 
&  T9940B  Tape  Drive 

Our  largest,  open  systems  tape  library  gives  you  ample  space  (up  to  13.2  PB)  to 
consolidate  data  from  all  your  different  systems.  And  with  200  GB  capacity  per  cartridge 
and  30  MB/second  transfer  rate,  the  T9940B  lets  you  do  more  work  in  less  time. 


based  Forrester  Research  Inc.,  Holt,  vice 
president  and  general  manager  of  Dell’s 
Enterprise  Systems  Group,  spoke  with 
Computerworld  about  where  Dell’s 
storage  foray  is  heading. 

Given  that  many  companies  are  undergoing 
server  consolidation  by  means  of  augment¬ 
ing  their  storage  resources,  do  you  see 
Dell’s  storage  group  taking  any  business 
away  from  its  server  group?  There  is  a 
trend  toward  consolidation,  but  we 
don’t  see  it  necessarily  as  fewer 
servers.  There’s  no  lack  of  necessity 
still  for  the  computing  capability  and 
the  applications,  but  from  the  CIO’s 
perspective,  it  was  becoming 
very  difficult  for  him  to  manage 
that.  What  we’ve  seen  is  a  trend 
toward  rack-dense  or  rack-opti¬ 
mized  servers;  the  form  factors 
have  changed.  And  what  we’ve 
typically  found  is  that  cus¬ 
tomers  are  adding  new  projects 
and  applications  for  produc¬ 
tivity,  so  it  tends  to  offset  the 
consolidation  that’s  happening. 

But  you  do  see  server  consolidation  as  a 
driver  for  your  storage  business?  Ab¬ 
solutely.  It’s  an  easier-to-manage,  more 
effective  use  of  disk  space.  You  can 
have  one  administrator  supporting 
6TB  as  opposed  to  just  being  able  to 
support  1TB  before. 

What  percentage  of  Dell’s  business  is  stor¬ 
age  at  this  point?  We’re  over  $1  billion  in 
annual  revenue  for  our  external  stor¬ 
age.  Dell’s  total  revenue  is  over  $30  bil¬ 
lion,  so  storage  is  a  small  portion  right 
now.  But  we  look  at  it  in  the  whole 
context  of  our  enterprise  business, 
which  now  accounts  for  about  20%  of 
our  total  revenue. 

What  will  your  storage  business  look  like 
in  five  years?  From  the  standpoint 
of  product  capabilities,  it  will  just  be 
to  continue  to  monitor  and  adjust 
with  the  trends.  We  have  a  very  com¬ 
plete  portfolio  of  storage  products 
right  now. 

What  is  your  monitoring  of  the  iSCSI  trend 
telling  you?  The  standard  for  iSCSI  was 
just  ratified  a  month  ago  [QuickLink 
36334].  These  emerging  technologies 
tend  to  take  off  a  lot  slower  than  most 
analysts  would  like  them  to.  I  don’t  ex¬ 
pect  that  iSCSI  is  going  to  replace  Fi¬ 
bre  Channel.  However,  there  are  some 
clear  uses  where  iSCSI  will  provide 
some  benefits.  The  first  environment 


is  in  wide-area  connectivity  for  SANs 
[storage-area  networks].  Another  use 
is  providing  [block-level  data]  support 
on  network- attached  storage  [NAS]. 
Currently,  NAS  boxes  are  only  file- 
based  access. 

How  about  the  InfiniBand  I/O  technology? 

It’s  one  of  those  products  in  the  very 
early  stages  of  standardization,  so  it’s 
not  something  that’s  going  to  happen 
overnight.  As  the  modular  blade-type 
servers  start  to  standardize  a  bit  more, 
we  think  InfiniBand  will  play  a  key 
role  in  the  system-level  communica¬ 
tion  between  servers.  We  don’t  see  In¬ 
finiBand  taking  over  storage  intercon¬ 
nects  like  Fibre  Channel;  we  don’t  see 
it  taking  over  the  network  like  IP.  But  it 
will  be  an  important  transport 
medium  between  modular 
servers. 

So  would  your  strategy  be  to  let 
IBM  and  Sun  test  the  InfiniBand 
waters  or  to  jump  in  first?  We’re 
working  on  InfiniBand-related 
products  ourselves;  we  won’t 
necessarily  wait  for  IBM  or  Sun 
to  pave  the  way.  But  we’re  also 
very  keen  on  delivering  rele¬ 
vant  technology.  InfiniBand  is  relevant, 
but  the  timing  is  what  we’re  working 
through  right  now. 

How  do  you  see  your  relationship  for  re¬ 
selling  EMC’s  Clariion  midrange  arrays 
evolving  over  the  next  few  years?  We  en¬ 
tered  into  the  relationship  in  October 
of  2001;  the  tenets  that  led  us  to  the  re¬ 
lationship  hold  and  have  been  validat¬ 
ed.  [Dell’s]  view  [is]  that  all  technology 
is  progressing  along  a  standardization 
curve.  The  area  where  there’s  still  a  lot 
of  complexity  and  a  lack  of  standards 
is  in  the  Fibre  Channel  SAN  area.  From 
a  Dell  perspective,  that’s  not  an  area 
where  we  want  to  invest  a  lot  of  our 
own  resources,  because  there  aren’t 
standards  there.  So  we  chose  to  part¬ 
ner  with  EMC. 

What’s  going  to  be  new  from  Dell  storage- 
wise  over  the  next  year?  You’ll  see  Fibre 
Channel-connected  ATA  [Advanced 
Technology  Attachment]  drives  com¬ 
ing  from  Dell  and  EMC  in  the  first  half 
of  this  year.  That  will  allow  customers 
to  continue  to  put  their  business  appli¬ 
cations  and  mission-critical  data  on 
core  Fibre  Channel  systems  but  have 
the  capability  for  snapshots  or  mirror¬ 
ing  [on]  less  expensive  disks.  That  will 
progress  to  Serial  ATA  starting  to  show 
up  in  the  latter  part  of  the  year  and  ser¬ 
ial-attached  SCSI  devices  about  a  year 
after  that.  I 
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To  me,  success  is  a  35  minute  lunch. 


At  a  restaurant,  not  my  desk. 


Means  I'm  not  wasting  time  doing  the 


same  data  management  task  again  and 


again  and  ajgain  and. .. well,  yoU'get  it 


Save  the  day. 


V2X  Subsystem 


Consolidate  your  work  by  consolidating  data  from  all  your  different  systems.  One  way  is  with  a  V2X  Shared  Virtual  Array1”  subsystem 
and  SnapVantage”  software  to  unite  all  your  Linux  virtual  servers.  Or  an  L5500  automated  tape  library  and  T9940B  tape  drive.There 
are  other  ways,  too.  We'll  help  find  the  one  that's  best.  So  storage  administration  takes  a  smaller  bite  out  of  your  day.  Learn  more 
about  this  story  and  other  ways  we  can  help  you  at  www.savetheday.com  STORAGETEK*  Save  the  Day.™ 
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PATRICIA  KEEFE 


Iraqnophobia 


w 


our  doorways  and  liable 
to  fall  upon  all  our  heads 
at  any  moment. 

As  the  Bush  adminis¬ 
tration  marches  resolute¬ 
ly  into  the  stiff  wind  of 
global  disapproval,  we’re 
all  steeling  ourselves  for 
the  impact  —  of  what  we 
don’t  yet  know. 

For  reservists,  it  could 
mean  a  call  to  duty.  As  a 
neighbor  once  said  to  me, 

“It  may  look  like  we’re 
just  fooling  around  out 
here  one  weekend  a  month,  but  we’re 
not.  This  is  serious  stuff.”  Indeed.  He 
got  called  up  almost  a  year  ago. 

Although  most  of  us  won’t  be 
slinging  an  M-16  over  our  shoulders, 
the  threat  of  war  changes  everything. 
Especially  for  IT.  Sure,  we’ve  already 
spent  the  past  two  years  operating 
under  some  very  trying  circum¬ 
stances,  so  you  might  wonder  how 
much  tougher  it  can  get. 

That  depends  mainly  on  two 
things:  how  prepared  you  are  to  se¬ 
cure  and  defend  your  company’s  digi¬ 
tal  assets  and  infrastructure,  and 
whether,  and  how  long,  we  go  to  war. 

Duct  tape  and  plastic  sheeting 
aside,  there  are  real  steps  you  can 
take.  The  key  for  IT  leaders,  notes 
French  Caldwell,  a  research  director 
at  Gartner,  is  that  in  an  era  when 
events  in  the  physical  world  are  re¬ 
flected  online,  systems  connected  to 
the  Internet  are  particularly  vulnera¬ 
ble.  Take  Delta  Air  Lines’  estimate  of 
500  attempts  daily  to  break  into  its 
systems  or  the  recent  theft  of  an  esti¬ 
mated  8  million  credit  card  numbers 
from  Data  Processors  International. 
Remember  the  speed  and  reach  of 
the  Slammer  worm. 

The  issue  seems  less  the  much- 
hyped  cyberterrorism,  and  more  the 
need  to  secure  critical  enterprise  in¬ 
frastructure  and  data  from  hactivists, 


AR.  IS  THERE  A  MORE  sobering 
word?  A  more  terrifying  prospect? 
Today,  the  threat  hangs  heavy  in  the 
air,  clouding  conversation,  darkening 

new  viral  strains  and 


physical  assault. 

And  yet  Gartner  last 
week  said  that  one-third 
of  the  250  businesses  it 
surveyed  face  the  loss  of 
critical  data  or  operating 
capability  in  the  wake  of 
a  “severe  calamity.”  An¬ 
other  research  firm,  Meta 
Group,  estimates  that  only 
20%  of  the  Global  2,000 
have  truly  effective  busi¬ 
ness  continuity  plans  — 
capable  enough  to  enable 
their  organizations  to  survive  a  disas¬ 
ter  without  lasting  adverse  effects. 

Even  without  war,  you’d  better 

■  Develop  a  business  continuity 
plan,  and  appoint  a  cyberincident  re¬ 
sponse  team. 

■  Nail  down  a  serious  security 
plan.  Don’t  just  put  the  manual  in  a 
corner. 

■  Create  an  “air  gap”  between  criti¬ 
cal  infrastructure  control  systems 
and  mission-critical  applications  and 
the  Internet. 

■  Develop  an  e-mail  policy.  Last 
week’s  revelation  about  the  sendmail 


vulnerability  was  a  timely  wake-up 
call  (see  Frankly  Speaking,  page  54). 

If  we  go  to  war,  you  can  expect 

■  A  call  from  the  CEO  asking  to  re¬ 
view  your  disaster  and  business  con¬ 
tinuity  plans. 

■  Fewer  in-person  due  diligence 
checks  from  U.S.  partners  at  overseas 
outsourcing  firms,  which  will  see  a 
possible  slowing  in  their  sales  cycles. 

■  Rising  anti-American  sentiment 
driving  the  need  to  protect  overseas 
offices,  personnel  and  systems.  Trav¬ 
el  screeching  to  a  near  halt.  (Video- 
conferencing  and  the  telecoms  will 
be  the  big  beneficiaries  here.) 

If  the  war  drags  on,  IT  will  be 
fighting  a  battle  on  two  fronts:  eco¬ 
nomic  and  security: 

■  A  lengthy  engagement  is  expect¬ 
ed  to  bring  spending  and  the  econo¬ 
my  to  a  virtual  standstill  while  push¬ 
ing  oil  prices  skyward,  negatively  af¬ 
fecting  corporate  budgets. 

■  As  the  threat  of  physical  and  cy¬ 
berterrorist  attacks  spirals,  some 
companies  may  want  to  look  into  bio¬ 
metric  physical  security  devices. 

You  never  know  when  a  war-relat¬ 
ed  incident  could  give  new  meaning 
to  the  term  agile  corporation.  As  for¬ 
mer  cybersecurity  czar  Richard 
Clarke  often  reminded  us,  the  nation 
is  counting  on  the  private  sector  to 
combat  threats  to  our  critical  infra¬ 
structure.  Don’t  be  caught  unaware.  I 


Asks  if  you're  going  to 
finish  your  coffee. 


When  asked  about  any 
potential  acquisitions, 
replies,  “I  wish." 


Makes  corrections  to  his 
company’s  letterhead 
during  meeting. 
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PIMM  FOX 

Worse  Than 
Death  and 
Taxes? 


Three  things  in  life 
are  certain:  Death,  tax¬ 
es  and  lost  data. 

If  you’re  an  IT  executive, 

this  third  bane  of  your  exis¬ 
tence  probably  isn’t  going  to  get  much 
worse.  But  if  you’re  in  finance,  new 
regulations  governing  the  retention 
and  management  of  internal  and  ex¬ 
ternal  communications  might  make  it 
seem  worse  than  death  or  taxes. 

The  Securities  and  Exchange  Com¬ 
mission’s  new  Rule  17a-4  goes  into  ef¬ 
fect  in  May.  (There  are  also  revised 
rules  from  the  New  York  Stock  Ex¬ 
change.)  It  specifies  communications 
compliance  that  covers  e-mail,  attach¬ 
ments,  memos  and  instant  messaging 
as  well  as  routine 
phone  conversations. 

The  quandary  for 
IT  departments  is 
how  to  compile  the 
arsenal  of  software 
and  hardware  tools 
necessary  to  capture, 
store  and  easily  re¬ 
trieve  the  oceans  of 
data  sloshing  around 
a  financial  services 
firm.  For  example, 

Merrill  Lynch  had 
more  than  57,000  employees  in  36 
countries  at  the  beginning  of  2002. 
That’s  a  lot  of  people  communicating 
in  a  variety  of  ways  to  many  other  in¬ 
dividuals. 

This  communications  tracking  and 
management  costs  big  bucks,  accord¬ 
ing  to  Charles  Brett,  a  senior  program 
director  at  Meta  Group.  He  estimates 
that  a  firm  with  5,000  brokers  gener¬ 
ates  about  20GB  to  50GB  of  e-mail  per 
day  to  be  stored  on  nonerasable  opti¬ 
cal  tapes.  “Each  WORM  [write-once, 
read-many]  tape  holds  about  9GB,” 
Brett  says.  “So  you  might  be  looking  at 
$150  to  $500  a  day,  every  day,  and 
that’s  just  the  cost  of  the  disks.” 

Obviously,  there’s  storage,  duplica¬ 
tion  and  management  as  well.  And 
you’ll  need  search  tools  to  check  for 
keywords  (“Get  rich  quick”  comes  to 
mind).  Other  costs  must  be  consid¬ 
ered  as  well.  Brett  estimates  that  com¬ 
panies  can  spend  upward  of  $1  million 
just  to  get  started. 
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The  original,  largest  and  most  proven  educational  forum 
for  IT  users  involved  in  storage  and  related  technologies 


See  50+  companies  work  together  with  storage  technologies 
including  SMI  S,  CIM,  SAN  Infrastructure  and  IP  Storage 


Network  with  luminaries,  press  and  analysts 


Includes  SNIA-Certification  “Test-Ready”  Courses  (see  Web 
site  for  details),  SNIA-produced  tutorials,  general  sessions, 
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IT  Managers 
and  Executives 
Choose  SNW! 


end-users  at 
SNW  learn  how  to 
maximize  storage 
investments  and 
understand  how 
to  efficiently  and 
effectively  manage 
storage ..." 


Fran  Dramis 
CIO.  CHIEF  E-COMMERCE 
AND  SECURITY  OFFICER 

BELLSOUTH 


"...  a  key  tool  to 
help  users 
understand  storage 
management ...” 


Anthony  Lloyd 
VICE  PRESIDENT 
COMPUTER  OPERATIONS 


WARNER  BROS. 


"...  the  only 
storage  networking 
conference  that 
delivers  it  all ...” 


Gary  Mountain 
MANAGER,  TECHNOLOGY 
SERVICES 

IDAHO  POWER 


”...  delivers  case 
studies  to  help 
solve  end-user 
challenges ..." 
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Brian  Cobb 
VICE  PRESIDENT 
SYSTEMS  ENGINEERING 

FANNIE  MAE 


Find  the  World’s  Best 
Storage  Solutions  and  Education! 


STORAGE 

NETWORKING 

w  o  r  i_n 

April  14-17, 2003 

JW  Marriott  Desert  Ridge  Resort 
Phoenix,  Arizona 

Co-owned  and  Produced  by:  Co-owned  and  Endorsed  by: 

COMPUTERWORLD  ^sSNIA 


Register  today  to  attend  the  world’s 
premier  event  on: 

•  Storage  Management 

•  Enterprise  Infrastructure 

•  Business  Continuity 

•  Data  Management  and  Security 

•  Emerging  Technologies 


Are  you  wrestling  with  storage  and  data  management  in  today's 
challenging  business  climate?  Is  your  infrastructure  under  increased 
pressure?  Are  business  continuity  worries  keeping  you  up  at  night? 
Then  attend  Storage  Networking  World  (SNW),  the  only  conference 


where  IT  Managers  and  professionals  get  an  SNIA-endorsed 
education,  a  hand’s  on  view  of  the  world’s  only  SNIA-sanctioned 
Interoperability  and  Solutions  Demo,  and  access  to  legions  of  peers, 
experts  and  solutions  you  won’t  find  anywhere  else. 


See  and  Hear  Regis  McKenna 


Regis  McKenna 

Renowned  Technology  Advisor, 

Venture  Capitalist  and  Author 

New  Technologies  and  Industry  Standards: 
Separating  Hype  from  Reality 


Find  Out  How  CIOs  Are  Coping 


Ulrich  Seif 

EVP  &  CIO 

National  Semiconductor 


See  the  World’s  Foremost  Storage 
Interoperability  &  Solutions  Demo! 
“Uniting  the  World  of  Storage” 

Do  you  have  the  cost-effective  infrastructure  to  support 
your  disaster  recovery  strategy?  Still  struggling  with 
interoperability  when  everyone  else  has  moved  on? 
Wonder  if  SNIA  technology  specifications  really  make  a 
difference?  Need  to  manage  more  storage  with  the 
same  fixed  resources?  Ready  for  iSCSI?  If  you 
answered  yes  to  any  of  these  questions,  then  you  need 
to  see  the  SNW  Interoperability  and  Solutions  Demo! 

In  "The  Demo",  you’ll  see  over  50  SNIA  member 
companies  demonstrate  the  spectrum  of  solutions.  You’ll  meet  the  experts,  get 
your  answers,  and  see  the  true  value  of  SNIA  technology  specifications  that 
reduce  risks,  increase  interoperability,  and  provide  common  foundations  to 
enable  vendor  choice.  And  you’ll  see  the  latest  products  with  increased  storage 
per  square  foot,  new  tools  to  automate  management  and  to  span  more  vendors, 
plus  you'll  see  iSCSI  in  action. 


Hear  Real-World  User 
Implementation 
Case  Studies 

At  Storage  Networking  World,  you’ll 
see  IT  managers  and  professionals 
describe  how  they  implemented  key 
storage  technologies  in  today's 
world.  You'll  learn  from  their  valuable  lessons  and  have  an 
opportunity  to  network  with  them. 

Get  an  SNIA-Endorsed  Education 


•  A  Primer  delivering  basic  storage 
concepts,  terminology  and  busi¬ 
ness  applications. 

•  Exclusive  SNIA-produced  and 
Delivered  Tutorial  Sessions,  offer¬ 
ing  immediately  implementable 
tips,  tools  and  techniques  that  cover: 

•  Voice  of  the  User  and  Virtualization 

•  Disaster  Recovery,  Backup/Restore  and  High 
Availability  Solutions 

•  Securing  and  Managing  Your  Storage  Networks 

•  Focus  on  Networking  Your  Storage 

•  Focus  on  Storage 


See  the  World’s  Largest  Storage 
Industry  Expo 

You’ll  participate  in  live  demonstra¬ 
tions  and  meet  exhibiting  compa¬ 
nies  specializing  in  the  latest  data 
management  and  storage  network¬ 
ing  products  and  services. 


For  more  information  and  to  register, 
visit  www.snwusa.com/expo  or  call  1-800-883-9090 

(1-508-820-8159) 


Witness  User  Case  Studies 


IT  Managers 
and  Executives 
Choose  SNW! 


DARYL 

BLACK 

Storage  Architect 
Telus 

Communications 


GARY 

PILAFAS 

Senior  Storage 
and  Systems 
Architect 
United  Loyalty 
Services 
(United  Airlines) 


TOM 

RUWART 

Intelligent  Storage 
Technologist 
University  of 
Minnesota  Digital 
Technology  Center 


ROD  JULIAN  BILL  STEVE 

LUCERO  MORRIS  WESTON  ROMAINE 

Chief  Architect  Vice  President  of  IT  Risk  Manager  Chief  Architect 
Conseco  Finance  Draft  Worldwide  Fidelity  Investments  The  Hartford 


PIERRE  CHERYL  MO 

BAUDET  OLORE  ASQARI 

Business  Chief  Implementation  Vice  President  of 
Systems  Manager  Planner  Technology 

New  Balance  Patrick  Air  Force  Photo  Channel 
Athletic  Shoe,  Inc.  Base,  45th  Space  Networks 
Communications 
Squadron 


Hear  from  Industry  Leaders 


REOIS 

MCKENNA 


Renowned  Technology 
Advisor 

Venture  Capitalist  and 
Author 


PETER 

VANOPPEN 

Chairman  &  CEO 
ADIC 


YOOESH 

OUPTA 

CTO 

Computer  Associates 


STEVE 

DUPLESSIE 

Founder  and 
Senior  Analyst 
Enterprise  Storage 
Group 


P 

HOWARD 

ELIAS 

SVP&GM.  Network 
Storage  Solutions 
Software 
Hewlett-Packard 
Company 


MIKE 

ZISMAN 

Vice  President 
Corporate  Strategy 
IBM  Corporation 


JOHN  FRED 

MCARTHUR  VAN  DEN  BOSCH 

Group  Vice  President  EVP  &  CTO 

IDC  Storage  Research  VERITAS  Software 


"...  I  found  storage 
solution  tips  in 
implementation, 
security,  continuity, 
and  interoperability 
that  made  my  trip 
worthwhile ...” 


Charles  Inches 

IT  DIRECTOR 
CORNER  BANCASA 
SWITZERLAND 


“...  the  best 
conference  for 
storage  users ...” 


Agenda  Snapshot* 


For  details,  updates,  and  to  register  visit  www.snwusa.com/expo 


'sobteci  to  change 


Monday,  April  14 

(Pre-Conference  Activity  and  Tutorial  Seealone) 


9:30am-11:00am 

12:00pm-5:00pm 

1:00pm-2:00pm 

2:00pm-2:10pm 

2:10pm-3:10pm 

3:10pm-3:20pm 

3:20pm-4:20pm 

4:20pm-4:30pm 

4:30pm-5:30pm 

7:00pm-9:00pm 


Primer 
Golf  Outing 

SNIA  Tutorial  Sessions  - 
choose  from  five  different  sessions 

Break 

SNIA  Tutorial  Sessions  - 

choose  from  five  different  sessions 

Break 

SNIA  Tutorial  Sessions  • 

choose  from  five  different  sessions 

Break 

SNIA  Tutorial  Sessions  - 
choose  from  five  different  sessions 
Pre  Conference  Networking  Reception 


Tuesday,  April  15 

(General  Conference  -  Day  One) 

7:15am-8:15am  Continental  Breakfast 
B:30am-9:1Sam  Opening  Keynote:  Regia  McKenna 
9:16am-12:00pm  General  Sessions 
12:16pm-1:30pm  Networking  Luncheon 
1:4Bpm-4:00pm  General  Sessions 
4:00pm-5:30pm  Technical,  Technical/Business  and 
Business  Tracks 

5:30pm-8:30pm  Expo,  Buffet  Dinner,  Interoperability 
and  Solutions  Demo 

Wednesday,  April  16 

(General  Conference  -  Day  TWo) 

7:16am-8:15am  Continental  Breakfast 
B:30am-9:05am  Opening  Keynote:  David  Chamberlain 
9:15am-12:00pm  General  Sessions 


12:00pm-1:30pm  Expo,  Buffet  Luncheon 
12:00pm-7:15pm  Interoperability  and 
Solutions  Demo  Open 
1:45pm-3:50pm  General  Sessions 
3:60pm-4:00pm  Break 

4:00pm-6:00pm  Technical,  Technical/Business  and 
Business  Tracks 
5:15pm-7:16pm  Expo  Open 
7:30pm-8:00pm  Gala  Evening 

Thursday,  April  17 

(Tutorial  and  Workahop  Seaalona) 

7:30am-8:30am  Continental  Breakfast 
8:30am-11:4Sam  Technical,  Technlcal/Bualness  and 
Bualnesa  Tracks 

11:45am  Conference  Concludes 


Register  Today! 


Options  for  IT  End-Users* 

j  Pre-Registration  (through  April  nth) 

On-Site  Registration  (after  April  nth) 

General  Conference  Package  (Apr.  15, 16): 

(Includes  Expo,  Meals  and  Receptions) 

$1,095 

$1,245 

Total  4-day  Package  (Apr.  14, 15, 16, 17): 

$1,490 

$1,690 

(Includes  General  Conference  Package:  Technical  and  Business  Tracks:  SNIA-produced  Tutorials:  SNIA-Certification  “Test-Ready”  Courses:  Expo.  Meals  and  Receptions) 

Options  for  IT  Vendors** 

Total  4-day  Package  (Apr.  14, 15, 16, 17):  $1,490 

(Available  to  Sponsoring  Vendors  and  their  Resellers/Integrators:  Industry  Consultants;  and  Storage  Solutions  Implementors) 

$1,690 

Non-Sponsoring/Exhibiting  Vendor  Package: 

$5,000 

$5,000 

•  See  IT  End-Users  description  on  the  Registration  Application  on  the  reverse.  M  See  Non-Sponsoring  Vendor  description  on  the  Registration  Application  on  the  reverse. 


PRACTICES  IN 

STORAGE 


AWXinTVI'HOl.kAM 

conmnwi  -5,sxia 


Submit  your  nomination  today  at 

www.snwusa.com 

or  email  Nanette  Jurgelewicz  at 
nanette  jurgelewicz®  computerworld.com 

V  _ _ _ 


Travel  and 
Accommodations 


IDG  Travel  is  the  official 
travel  company  for 
Storage  Networking 
World.  They  are  your  one-stop  shop  for 
exclusive  discounted  rates  on  hotel 
accommodations. 


To  reserve  your  accommodations: 

visit  www.atcantrat.com  OR 

call  1-800-340-2262  (or  1-508-820-6189) 


Pre-Conference 
Outing 

Complimentary  for  Registered  IT  Users 

The  Pre-Conference  Golf  Outing  at  The  Palmer 
Course  at  Wildfire,  located  at  the  JW  Marriott  Desert 
Ridge  Resort,  is  complimentary  ($165  value)  lor  reg¬ 
istered  IT  End-Users  (other  participants,  including 
sponsors  and  vendors,  may  play  on  an  “as  available"  basis  and  are 
responsible  for  all  applicable  golf  outing  expenses). 

For  details:  contact  Chris  Leger  at  1-60B-820-B277 
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Vicki  Hamilton 
VICE  PRESIDENT 
SHARED  SERVICES  AND 
IT  OPERATIONS 


STORAGE 


Application  for  Conference  Registration 


WORLD 


TO  REGISTER: 

•  Fax  this  form  to  508-626-8524 

•  Or  register  online  at  www.snwusa.com/expo 

•  You  will  receive  a  confirmation  via  email 


QUESTIONS? 

•  Call:  our  Customer  Service  Line  at  800-883-9090 

•  Email:  snwreg@computerworld.com 


CODE:  EXPC  £ 


Options  for  IT  End-Users* 

Pre-Registration 

j  (through  April  11th) 

On-Site  Registration 

|  (after  April  11th) 

General  Conference  Package  (Apr.  15, 16): 

(Includes  Expo.  Meals  and  Receptions) 

□  $1,095 

□  $1,245 

Total  4-day  Package  (Apr.  14, 15, 16, 17): 

□  $1,490 

□  $1,690 

(Includes  General  Conference  Package;  Technical  and  Business  Tracks:  SNIA-produced  Tutorials:  SNIA-Certlfication  "Test-Ready”  Courses:  Expo.  Meals  and  Receptions) 

Options  for  IT  Vendors** 

Total  4-day  Package  (Apr.  14, 15, 16, 17):  □  $1,490 

(Available  to  Sponsoring  Vendors  and  their  Resellers/Integrators:  Industry  Consultants;  and  Storage  Solutions  Implementors) 

□  $1,690 

Non-Sponsoring/Exhibiting  Vendor  Package: 

□  $5,000 

□  $5,000 

*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/purchase  hardware/software/services/etc.  from  our  conference 
sponsors  and  exhibitors.  As  such,  account  representatives/business  development  from  any  company,  analysts,  venture  capitalists,  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within 
their  organization  are  excluded  from  the  "IT  End-User”  designation.  Enforcement  of  this  interpretation  and  policy  is  at  the  sole  discretion  of  Computerworld.  Questions?  Please  call  1-800-883-9090. 


Vendors  are  encouraged  to  participate  at  Storage  Networking  World  through  sponsorship.  (Details  are  available  by  calling  Ann  Harris  at  1-508-820-8667.)  Alternatively,  vendors  (as  well  as  venture  capitalists, 
equity  analysts,  and  other  “non-IT  end-user"  professionals  as  defined  by  Computerworld).  may  apply  for  registration  at  the  “non-sponsoring  vendor"  rate.  Determination  of  what  constitutes  a  “non-sponsoring  vendor" 
registration  is  at  the  sole  discretion  of  Computerworld.  You  will  also  be  required  to  adhere  to  our  non-solicitation  policy  posted  on-site. 


Registration  Information:  (This  section  must  be  completed  in  order  to  process  your  application) 


Last  Name: 


Company: 


State/Prov: 


Suite,  Apt.,  etc.:  _ 
Zip/Postal  Code: 


Country: _  Phone  Number: _  Extension: _ 

Fax  Number:  _  E-Mail  Address: _ _ 

Badge  Name: _ _ _  □  Special  Services  Required?  (Please  attach  written  description) 

Would  you  like  to  receive  information  about  playing  in  the  golf  outing  on  Monday,  April  14th  (PM)?  □  Yes  □  No 
Please  indicate  your  preferred  conference  shirt  size:  □  S  □  M  O  L  Q  XI.  □  XXL  □  XXXL 


Attendee  Profile:  (This  section  must  be  completed  in  order  to  process  your  application) 

SECTION  A  -  FOR  IT  END-USERS  ONLY 


Your  Business/Industry: 

□  Transportation/Utilities 

□  Mining/Oil/Gas 

□  Media/Publishing 

□  Banking/Finance/Insurance 

□  Telecommunications 

□  Wholesale/Retail  (Non-IT) 

□  Advertising/Marketing/Public 
Relations 

□  Education 

□  Government/Military 

□  Healthcare 

□  Manufacturing  (Non-IT) 

□  Other 

Your  Job  Title/Function: 

□  CEO/COO/Chairman/President 

□  CIO/CTO 

□  VP/GM/Director 

□  IS/IT  Director/Manager 

□  Other  IS/IT  Department 
Manager/Supervisor 

□  Other  Corporate/Business  Manager 

□  Corporatc/Business  Staff 

□  Consultant  (Internal)  or  Other 

Select  item  below  that 
most  closely  matches  your 
involvement  in  IT  decisions: 

□  Specify  features/Technical 
requirements 

□  Evaluate/Recommend  Products, 
Brands,  Vendors 

□  Create  Strategy/Determine  the  need 
to  purchase 


□  Set  budget  for  expenditure 

□  Authorize/Approve  purchase 

□  None  of  the  above 

Employees  in  your  entire 
Company: 

□  10,000+ 

□  5,000-9,999 

□  1,000-4,999 

□  500-  999 

□  100-499 

□  Less  than  100 

Estimated  annual  revenue 
of  your  entire  company: 

□  $10  Billion+ 

□  $5  Billion  -  $9.9  Billion 

□  $1  Billion  -  $4.9  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million  -  $499  Million 

□  $50  Million  -  $99  Million 

□  Less  than  $50  Million 

Annual  company  IT  budget 
(All  IT  products  and  services): 

□  $100  Million+ 

□  $50  Million  -  $99.9  Million 

□  $20  Million  -  $49.9  Million 

□  $10  Million  -  $19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million  -  $4.9  Million 

□  $500,000  -  $999,999 

□  Less  than  $500,000 


Annual  company  IT  budget 
(Storage  products  and  services): 

□  $100  Million+ 

□  $50  Million  -  $99.9  Million 

□  $20  Million  -  $49.9  Million 

□  $10  Million  -  $19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million  -  $4.9  Million 

□  $500,000  -  $999,999 

□  Less  than  $500,000 

Your  personal  IT  spending 
authority  (All  IT  products 
and  services): 

□  $100  Million+ 

□  $50  Million  -  $99.9  Million 

□  $20  Million  -  $49.9  Million 

□  $10  Million  -  $19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million  -  $4.9  Million 

□  $500,000  -  $999,999 

□  Less  than  $500,000 

Your  personal  IT  spending 
authority  (Storage  products 
and  services): 

□  $100  Million* 

□  $50  Million  -  $99.9  Million 

□  $20  Million  -  $49.9  Million 

□  $10  Million  -  $19.9  Million 

□  $5  Million  -  $9.9  Million 

□  $1  Million  -  $4.9  Million 

□  $500,000  -  $999,999 

□  Less  than  $500,000 


SECTION  B  -  FOR  IT  VENDORS  ONLY 


Your  Business/Industry: 

□  VAR/VAD/ASP/System  Integrator 

□  Industry  Consultant/Storage  Solution  Integrator 

□  Manufacturing  (IT) 

□  Computer  Retailer/Dealer/Wholesaler 

□  Software  Development  (Storage) 

□  Other  Computer  Related  (Non-Storage) 


Your  Job  Title/Function: 

□  CEO/COO/Chairman/President 

□  CFO/Controller/TYeasurer 

□  VP/GM/Director 

□  Sales/Marketing/Product  Staff 

□  CIO/CTO/Other  IS/IT  Manager 

□  Engineering  Staff 

□  Press 


□  Check  Enclosed  (checks  must  be  received  by  4/4/03) 
(Make  payable  to:  Computerworld;  Mail  to:  Computerworld,  Attn:  Pam 
Malingowski,  500  Old  Connecticut  Path,  Framingham,  MA  01701) 

□  American  Express  □  VISA  □  MasterCard 
Account  Number: 


Expiration  Date: _ 

Card  Holder  Name: 


Signature  of  Card  Holder: 


Cancellation  Policy  (All  of  the  below  options  require  written  notification..) 

In  the  event  of  cancellation,  the  registrant  has  three  options: 

1)  He  or  she  may  substitute  another  attendee  for  this  conference. 

2)  He  or  she  may  transfer  this  registration  to  the  Fall  2003  Storage  Networking  World* 
conference,  if  written  notice  is  received  by  March  31. 2003. 

3)  The  registration  fee  will  be  refunded.  less  $250  service  charge,  if  written  notice  is  i 

received  by  March  31,  2003. 

Computerworld  reserves  the  right  to  limit  and/or  refuse 
any  registration  for  any  reason. 


Schedule  of  Conference  Events  »  a^) 

Monday,  April  14,  2003 

•  Pre-Conference  Golf  Outing 

•  Pre-Conference  Networking  Reception 

•  Tutorial  Sessions 

Tuesday,  April  15,  2003 

•  General  Conference 

•  Interoperability  and  Solutions  Demo 

•  Exposition 

Wednesday,  April  16,  2003 

•  General  Conference 

•  Interoperability  and  Solutions  Demo 

•  Exposition 

•  Gala  Evening 

Thursday,  April  17,  2003 

•  Tutorial  Sessions 
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Unfortunately,  few  IT  departments 
are  being  given  meaningful  guidance 
by  compliance  and  legal  departments 
about  where  and  how  to  invest  the 
money.  So,  many  are  relying  on  ven- 
)  dors  to  know  what  technology  is  or 
isn’t  required. 

“There  are  some  pretty  immature 
solutions  out  there,”  says  Brett. 

It’s  possible  to  capture  everything 
inbound  and  outbound,  but  capturing 
the  internal  stuff  gets  complicated. 

As  a  result,  some  companies  are  look- 
..  ing  at  this  as  a  chance  to  re-evaluate 
e-mail  at  the  enterprise  level  and  initi¬ 
ate  operational  management  of  e-mail 
—  for  example,  making  users  catego¬ 
rize  e-mail  before  it’s  distributed  and 
archived. 

Brett  says  the  most  important  ques¬ 
tions  for  potential  vendors  are  about 
scalability  and  ownership. 

Can  they  demonstrate  real  scalable 
solutions,  and  what  is  their  specific 
expertise?  Without  these  answers, 
your  communications  aren’t  being  giv¬ 
en  the  attention  the  law  demands.  N 

THORNTON  MAY 

Save  the 
Suits  From 
Themselves 

RUDY  GIULIANI  argued 
that  the  best  way  to 
fight  crime  is  to  fight 
the  disorder  that  precedes  it 
—  those  quality-of-life  crimes 

such  as  spraying  graffiti,  panhandling, 
breaking  windows,  littering  and  letting 
buildings  crumble  and  decay.  I  think 
you  can  make  a  similar  argument  that 
the  best  way  to  improve  ROI  for  IT  is 
to  fight  the  mental  disorder  that  bur¬ 
dens  IT’s  reputation  —  those  quality- 
of-mind  crimes  such  as  underinvest¬ 
ing,  overinvesting  and  bad  personal  in- 
formation-management  behavior. 

What  leads  me  to  this  line  of  think¬ 
ing  is  some  work  I’ve  been  doing  with 
Hal  R.  Varian,  dean  of  the  School  of 
Information  Management  and  Systems 
at  the  University  of  California,  Berke¬ 
ley.  While  conducting  focused  re¬ 
search  in  the  financial  services  mar¬ 
ket,  we  found  the  highest  mental 
crime  areas  to  be  the  following: 

■  Information  opportunity:  Deter¬ 
mining  where  IT  money  should  be 
spent. 

■  Application  IQ:  Spending  the 
money  on  the  right  technologies. 


■  Information  economics: 

Getting  the  best  deal  on  the 
money  we  spend. 

In  recent  years,  the  ability 
to  purchase  technology  has 
run  ahead  of  the  typical  or¬ 
ganization’s  ability  to  ex¬ 
tract  maximum  value  from 
what  it’s  been  buying.  The 
“whisper  number”  (the  one 
no  one  likes  to  publicly  ac¬ 
knowledge)  for  annual  IT 
waste  is  around  $75  billion. 

These  are  dollars  spent 
yearly  on  failed  IT  projects. 

IT  managers  are  certainly 
not  blameless  in  this  annual  value 
sinkhole,  but  we  frequently  forget  that 
for  every  dollar  wasted,  there  were 
users  —  let’s  call  them  “Suits”  —  who 
were  very  close  to  the  center,  where 
choices  were  made  and  value  was  de¬ 
termined. 

The  unspoken  dirty  secret  in  IT 
waste:  “It’s  not  the  technology.  It’s  the 
Suits  who  are  funding  the  technology.” 
For  the  longest  time,  IT  managers  had 
a  credibility  problem  with  the  busi¬ 


ness.  But  in  reality,  the  in¬ 
verse  is  true;  the  business 
has  a  credibility  problem 
with  IT. 

John  Adams,  one  of  the 
political  geniuses  behind 
the  Declaration  of  Inde¬ 
pendence,  often  wrote  his 
much-loved  wife,  even  dur¬ 
ing  the  darkest  days  of  the 
American  Revolution.  In 
one  note,  he  said,  “We  can¬ 
not  guarantee  success,  but 
we  can  deserve  it.”  The  tru¬ 
ly  sad  reality  of  the  preg- 
nant-with-opportunity  age 
we  live  in  is  that  most  Suits  don’t  de¬ 
serve  success  from  their  investments 
in  IT.  They  haven’t  laid  the  ground¬ 
work  or  done  the  homework  necessary 
to  develop  good  IT  judgment. 

The  question  facing  IT  leaders  to¬ 
day  is,  What  is  the  minimal  obligation 
of  IT  to  educate  the  Suits  in  the  non¬ 
toxic  or,  at  a  minimum,  nonwasteful 
use  of  information  technologies? 

Most  IT  shops  have  determined  that 
they  need  do  nothing  more  than  train 


executives  in  the  use  of  low-level 
desktop  applications.  This  is  the  tech¬ 
nology  equivalent  of  a  sixth-grade  ed¬ 
ucation.  Technology  literacy  will  be¬ 
come  foundational  to  the  economy  of 
the  future.  Suits  must  know  more 
about  IT.  IT  leaders  need  to  know 
more  about  what  the  Suits  know  and, 
more  important,  what  they  don’t  know 
about  IT. 

Regarding  the  technology  literacy  of 
executives,  IT  leaders  need  to  deter¬ 
mine  the  following: 

■  Things  Suits  currently  “know” 
that  they  need  to  unlearn. 

■  Things  Suits  should  know  that 
they  never  learned. 

■  Things  that  accelerate  the  Suit 
technology-learning  processes. 

In  advanced  companies  today,  IT 
leaders  are  evaluating  their  peers  on 
their  technical  competence.  Your  com¬ 
pany  should  be  doing  it  too.  ► 

WANT  OUR  OPINION? 

©More  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 
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Measuring  Risk 

THE  REPORT  “Ridge  Releases 
Cyberdefense,  Physical  Strate¬ 
gies"  [QuickLink  36404]  reflects 
the  seriousness  of  the  need  for  cy¬ 
bersecurity  improvement  -  and  the 
potential  for  regulatory  intervention 
if  the  market  fails  to  respond  ade¬ 
quately.  While  government  efforts 
to  establish  a  cyberattack  aiert  sys¬ 
tem  are  laudable,  it  is  essential  that 
both  the  private  and  public  sectors 
get  the  kind  of  qualitative  guidance, 
and  associated  risk  metrics,  that 
will  enable  them  to  identify,  mea¬ 
sure  and  manage  the  risks  to  their 
information  technology  and  com¬ 
munications  environments,  and  to 
get  credible  ROI  data  on  informa¬ 
tion  security  investments.  That 
means  the  establishment  of  the 
Generally  Accepted  System  Securi¬ 
ty  Principles.  The  principles  are  a 
standard  population  of  threats  and 


UNFORTUNATELY,  since  most 
companies  still  don’t  have  a 
formal  teleworking  plan  in  place, 
most  managers  still  view  telecom¬ 
muting  as  a  perk  that  is  an  excep¬ 
tion  rather  than  the  rule  [QuickLink 
36517],  After  six  years  of  success- 


quantitative  risk  assessment  tools 
that  enable  organizations  to  identi¬ 
fy,  measure  and  manage  risk  con¬ 
fidently,  applying  the  long-accepted 
measure  of  business  -  ROI  -  to  the 
broad  array  of  safeguard  and  con¬ 
trol  investments  for  information 
security. 

Will  Ozier 

President,  OPA  Inc.,  Fairfield, 
Calif. 


Broad  Expertise 

David  foote’s  column  “IT 
Job  Trends  Yield  Surprises” 
[QuickLink  36015]  was  informative, 
but  the  way  he  compares  special¬ 
ists  to  generalists  seems  a  bit 
shortsighted.  In  my  experience,  be¬ 
ing  an  expert  in  one  field  has  many 
important  benefits,  regardless  of 
the  job  market.  One  is  that  people 
often  consider  experts  to  be  expert 
in  other,  complementary  fields.  An- 


ful  telecommuting  in  the  after¬ 
noons,  I  lost  my  last  job  because 
the  conditions  for  retraining  in  the 
new  system  required  daylong  face 
time. 

Ellen  Cornell 

Marblehead,  Mass. 


other  arises  during  the  pursuit  of 
expertise:  You  naturally  acquire  an¬ 
cillary  skills,  which  often  make  you 
a  generalist  as  a  side  effect. 

My  own  career  is  a  good  exam¬ 
ple.  I  have  been  a  Borland  Delphi 
specialist  since  Delphi's  inception.  I 
marketed  myself  only  as  such.  As  a 
Delphi  “specialist,"  I  performed  Or¬ 
acle,  Interbase  and  Microsoft  SQL 
Server  database  design,  Web  de¬ 
sign  (including  JavaScript  and 
Perl),  telecommunications,  project 
management  and  more. 

Michael  Nigohosian 
President,  McGillis,  Wilcox, 
Webster  &  Co.,  Chicago 
(and  author  of  The  Secret 
Path  to  Contract  Program¬ 
ming  Riches), 

m.nigohosian@mwwcorp.com 


Following  HIPAA 

HAVE  BEEN  LECTURING  on 

HIPAA  security  and  conducting 
compliance  engagements  since 
1998.  In  the  article  “HIPAA  Data 
Rules  Leave  Choices  to  IT"  [Quick¬ 
Link  36526],  Karen  Trudel  of  the 
Centers  for  Medicare  &  Medicaid 
Services  is  quoted  as  saying  that 
encryption  of  health  data  transmit¬ 
ted  over  the  Internet  is  no  longer 
mandated  and  can  be  based  on  risk 


assessments  by  companies.  Actu¬ 
ally,  the  business  impact  of  doctors' 
encrypting  health  data  is  ultralow, 
but  doing  so  is  probably  the  single 
best  security  control  to  protect  data 
that  can  be  used  in  a  small  practice. 
TruSecure's  Marne  Gordon  is  also 
off  base  in  saying  that  litigation- 
wary  companies  might  stick  with 
paper  instead  of  rolling  out  auto¬ 
mated  medical  records.  The  HIPAA 
privacy  rule  covers  health  records  in 
all  formats,  paper  or  electronic. 
There  is  no  advantage  to  not  using 
electronic  records,  because  you  are 
still  required  to  protect  the  data. 
Fred  Langston 
Senior  principal  consultant, 
Guardent  Inc.,  Seattle, 
Fred.Langston@Guardent.com 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworld, 
P0  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 
Fax:(508)879-4843. 

E-mail:  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

©More  letters  on  these  and  other 
topics  are  on  our  Web  site: 

computerworld.com/ietters 


Teleworking  Loses  Some  Face  Value 


thornton  may  is  a  long¬ 
time  industry  observer, 
management  consultant 


and  commentator. 
Contact  him  at 

thomtonamay@aot.com. 


Magic  Pixie  Dust. 
The  miracle  everyone 
has  waited  for. 


Magic  Pixie  Dust 

was  all  the  rage.  And 
why  not?  The  directions 
said  that  with  one  pinch, 
servers  would  be  imbued  with 


“always  on”  capabilities.  With  another  pinch, 

servers  would  be  instantly  gilded  with  more  speed 


and  performance.  The  servers  would  self- configure.  They 
would  never  crash.  Every  server  could  connect  with  every  other 
server  in  existence.  Just  one  problem.  The  Pixie  Dust  didn’t  work. 
AND  THAT’S  WHEN  THEY  CALLED  IBM. 


The  IBM  (©server  pSeries™  650  running  UNIX?  It  can  run  multiple  partitions  that 


can  be  dynamically  reconfigured.  On  demand.  It’s  twice  as 


powerful  as  the  Sun  Fire  V880  in  ERP.1  And  unlike  Pixie  Dust, 


it  works.  To  learn  more  about  the  flexible  p650  or  to  locate  your 


IBM  Business  Partner,  head  over  to  ibm.com/eserver/p650 


The  p65Q. 

The  UNIX  server 
everyone  has  waited  for. 


'IBM  eServer  pSeries  650  (8  processors.  POWER4+,  1.45  GHz.  1.5  MB  L2  cache  per  2  processors,  64  GB  memory)  was  certified  by  SAP  on  1/16/03  with  the  following  SAP  Standard  4.6C  SD  application  benchmark  results:  1.220  SD  benchmark 
users.  1.95  sec.  average  dialog  response  time,  122,670  fully  business  processed  line  items/hour,  368,000  dialog  steps/hour.  6,130  SAPS,  CPU  utilization  of  98%  with  DB2  v8.1  and  AIX  5L  version  5.2.  Sun  Microsystems  Sun  Fire  V880  (8  processors. 
UltraSPARC  III,  900  MHz,  8  MB  L2  cache,  32  GB  memory)  was  certified  by  SAP  on  6/17/02  with  the  following  SAP  Standard  4.6C  SD  application  benchmark  results:  600  SD  benchmark  users,  1.96  sec.  average  dialog  response  time,  60,330 
fully  business  processed  line  items/hour,  181,000  dialog  steps/hour,  3,020  SAPS,  CPU  utilization  of  99%  with  DB2  v7  and  Solaris  8.  Results  posted  at  http://www.sap.com/benchmark.  2U.S.  list  price  as  of  2/28/03  tor  p650  Express  Configuration 
wilh  AIX  5L,  2-way  1.2  GHz  POWER4*.  Prices  are  subject  to  change  without  notice.  Reseller  prices  may  vary.  IBM,  the  e-business  logo,  AIX  5L,  DB2,  eServer,  POWER4+,  pSeries  and  e-business  on  demand  are  trademarks  or  registered  trademarks 
of  international  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  UNIX  is  a  registered  trademark  of  The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others. 
©2003  IBM  Corporation.  All  rights  reserved. 


Powerful  magic  prevents  and  Powerful  self-healing  technology 


repairs  server  crashes. 


helps  prevent  server  crashes. 
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server  three  tunes  a  day. 
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Currently  unrated  in  performance.  1 
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Could  be  the  greatest  idea 


Sun  Fire  V880  in  ERR1 


Could  be  the  greatest  idea 


in  the  history  of  IT.  in  the  history  of  UNTX. 
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Not  available  through  IBM.  Available  through  IBM  and 

IBM  Business  Partners. 


Doesn’t  actually  exist.  2-way  starts  at  $31,495f 
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(e)  business  on  demand 


Our  post-relational  database. 

It  combines  the  best  technologies 
in  the  database  world. 


For  your  next  generation  of  applications, 
move  to  the  next  generation  of  database  technology: 
Cache,  the  post-relational  database. 

What  makes  Cache  “post-relational”?  It  provides 
developers  three  integrated  data  access  options  which 
can  be  used  simultaneously  on  the  same  data:  an 
advanced  object  database,  high-performance  SQL, 
and  rich  multidimensional  access. 

Because  Cache’s  architecture  is  a  multi¬ 
dimensional  structure,  applications  built  on  it  are 
massively  scalable  and  lightning-fast. 

Plus,  no  mapping  is  required  between  object, 
relational,  and  multidimensional  views  of  data. 

This  means  huge  savings  in  both  development  and 
processing  time.  And,  Cache-based  applications 
don’t  require  frequent  database  administration  or 
hardware  and  middleware  upgrades. 


More  than  just  a  database  system,  Cache 
incorporates  a  powerful  Web  application  develop¬ 
ment  environment  that  dramatically  reduces  the 
time  to  build  and  modify  applications. 

The  reliability  of  Cache  is  proven  every  day  in 
“life- or- death”  applications  at  hundreds  of  the 
largest  hospitals.  Cache  is  so  reliable,  it’s  the  world’s 
leading  database  in  healthcare  -  and  it  powers 
enterprise  applications  in  financial  services, 
government  and  many  other  sectors. 

We  are  InterSystems,  a  specialist  in  database 
technology  for  25  years.  We  provide  24x7  support 
to  four  million  users  in 
88  countries.  Cache  is 
available  for  Windows, 

OpenVMS,  Linux  and 
major  UNIX  platforms. 


InterSystems  f 

£  CACHE 

Make  Applications  Faster 


Download  a  fully-functional  version  of  Cache  or  request  it  on  CD  for  free  at  www.lnterSystems.com/post-relational 


O  2002  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Cach£  is  a  registered  trademark  of  InterSystems  Corporation. 


Compression 
Relieves  Congestion 

WAN  traffic  compression 
appliances  promise  to  let 
•network  managers  increase 
loads  without  upgrading 
WAN  links.  Users  tell  us 
how  well  they  work.  Page  30 


SECURITY  MANAGER’S  JOURNAL 

When  Bad  Things  Happen 
To  Good  Demos 

A  vendor’s  slick  security  product 
presentation  shows  Vince  Tuesday 
that  it  doesn’t  have  a  clue  what  users 
want  and  need  —  or  technology 
mature  enough  to  deliver  it.  Page  32 


OPINION 

And  Here’s  the  Pitch 

The  beginning  of  base¬ 
ball’s  spring  training  has 
Nicholas  Petreley  thinking 
about  what  might  happen 
in  a  software  World  Series. 
Page  37 
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MICROPROCESSORS 


Chip  makers  will  have 
achieved  10  GHz  and  1  billion 
transistors  in  five  years, 
but  progress  is  getting 
harder.  By  Gary  H.  Anthes 


For  more  than  three  decades, 
microprocessors  have  doubled 
in  power  every  18  to  24  months. 
That  progress  will  continue  for 
another  10  years  or  so,  chip  mak¬ 
ers  say;  then  some  new  technol¬ 
ogy  may  have  to  be  found  to  re¬ 
place  the  silicon  semiconductor. 

Unfortunately,  the  companies  that 
make  microprocessors  and  use  them  to 
build  computer  systems  can’t  just  catch 
a  free  ride  on  the  back  of  Moore’s  Law. 
As  silicon  transistors  grow  smaller  — 
there  will  be  a  billion  on  a  single  chip 
in  five  years  —  chips  become  exponen¬ 
tially  more  expensive  to  design,  man¬ 
ufacture  and  test.  And  the  laws  of 
physics  intrude:  In  the  mysterious 
realm  called  “deep  submicron,”  for  ex¬ 
ample,  power  dissipation  gets  nearly 
impossible  to  control,  and  cosmic  rays 
cause  random  processing  errors. 

“The  power-dissipation  problem 
will  prevent  the  further  scaling  after  10 
years.  Improvements  will  come  about 
from  system-level  integration  rather 
than  transistor-level  enhancements,” 
says  Bijan  Davari,  technology  vice  pres¬ 
ident  at  IBM’s  microelectronics  division. 

About  60%  of  the  total  performance 
gains  in  microprocessors  have  come 
from  higher  clock  frequencies  result¬ 
ing  from  smaller  and  faster  transistors. 
The  balance  have  come  from  process- 
Condnued  on  page  26 
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Continued  from  page  25 
ing  architectures  that  allow  the  execu¬ 
tion  of  more  than  one  instruction  per 
clock  tick.  A  microprocessor  can  do 
that  by  predicting  the  flow  of  a  pro¬ 
gram  through  several  branches  of  pro¬ 
gram  logic  or  by  executing  instructions 
“speculatively”  —  before  they  are  need¬ 
ed.  But  pushing  those  tricks  further  is 
becoming  difficult  and  expensive. 

“We’ve  gone  from  being  able  to  exe¬ 
cute  two  instructions  at  a  time  to  eight 
or  more,”  says  James  Hoe,  a  professor 
of  electrical  and  computer  engineering 
at  Carnegie  Mellon  University  in  Pitts¬ 
burgh.  “But  we  are  at  the  limit.  The  ar¬ 
chitecture  is  not  scalable.”  Hoe  says 
microprocessor  developers  will  in¬ 
creasingly  rely  on  the  following  ambi¬ 
tious  schemes  to  find  “parallelism”  in 
programs  and  job  streams: 

■  Multithreading:  Breaking  a  single  pro¬ 
gram  into  multiple  instruction  streams, 
or  threads,  to  be  processed  simultane¬ 
ously.  Each  thread  could  handle  a  data 
packet  or  transaction,  for  example. 

■  Simultaneous  multithreading:  A  tech¬ 
nique  that  makes  a  single  physical  proc¬ 
essor  appear  to  software  as  two  proc¬ 
essors,  so  two  programs  can  execute 
simultaneously,  boosting  total  through¬ 
put.  Intel  Corp.  calls  it  “hyperthreading.” 

■  Chip  multiprocessing:  The  placement 
of  two  or  more  physical  processor 
“cores”  on  one  chip.  The  cores  can  run 
independently  but  share  some  resources. 
IBM  is  shipping  a  dual-core  Power4 
processor,  and  Sun  Microsystems  Inc. 
is  expected  to  unveil  one  later  this  year 
in  its  UltraSPARC  IV.  Intel  will  intro¬ 
duce  a  dual-core  Itanium  chip  in  2005. 

»  Runtime  optimization:  Using  a  combi¬ 
nation  of  special  processor  circuits  and 
a  dynamic  runtime  compiler  to  contin¬ 
uously  analyze  program  behavior  and 
reorder  instructions  for  better  perfor¬ 
mance.  While  this  doesn’t  make  the 
processor  run  faster,  it  does  improve 
what  the  user  cares  about:  throughput. 

“It’s  becoming  exponentially  expen¬ 
sive  to  find  more  parallelism  in  a  sin- 
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gle  instruction  stream,”  says  Justin 
Rattner,  an  Intel  senior  fellow  and  di¬ 
rector  of  microprocessor  research.  “So 
there  will  be  increasing  emphasis  on 
thread-level  parallelism,  the  number  of 
threads  per  processor  and  the  number 
of  processors  per  chip.” 

Rattner  says  Intel  is  also  doing  re¬ 
search  on  processors  and  compilers 
that  together  optimize  program  perfor¬ 
mance  in  real  time.  “We  are  looking  at 
program-visible  instrumentation  so 
the  compiler  has  access  to  [runtime 
conditions],”  he  says.  “This  is  on  the 
fly;  this  is  the  compiler  in  the  loop.” 

The  technique  has  improved  perfor¬ 
mance  by  a  factor  of  two  to  four,  Rat¬ 
tner  says.  Improvements  in  basic  semi¬ 
conductor  technology  will  triple  mi¬ 
croprocessor  clock  speeds  in  five 
years,  he  predicts.  But  those  clock  im¬ 
provements  plus  improved  exploita¬ 
tion  of  parallelism  by  various  means 
will  boost  total  throughput  by  a  factor 
of  six  to  seven,  Rattner  says. 

Multithreading  and  chip  multiproc¬ 
essing  will  be  especially  important  in 
servers,  because  they  routinely  handle 
workloads  —  transaction-processing, 
Web  and  database  applications  —  that 
are  inherently  threaded. 

Desktop  PCs  are  more  likely  to  run 
single-user,  single-threaded  applica¬ 
tions.  As  a  result,  the  relentless  race 
for  higher  processing  speeds  on  the 
desktop  may  soon  be  meaningless,  says 
Kevin  Krewell,  a  senior  analyst  and  ed¬ 
itor  of  MicroDesign  Resources’  “Mi¬ 
croprocessor  Report”  newsletter. 

“In  servers,  more  power  and  scalabil¬ 
ity  are  always  welcome,”  he  says.  “But 
on  the  desktop,  what  do  you  do  with 
3  GHz,  4  GHz,  5  GHz?  There  could  be  a 
plateau,  when  we  get  the  ‘good  enough’ 


processor.”  Krewell  says  designs  for 
desktop  processors,  and  especially  note¬ 
books,  will  increasingly  go  after  other 
things,  such  as  low  power  consumption, 
low  mass  and  quiet  operation. 


In  the  Silicon  Trenches 

While  the  microprocessor  vendors 
work  to  boost  throughput,  at  another 
level  they  toil  to  find  ways  to  dodge 
the  laws  of  physics.  Current  silicon 
processors  have  circuit  features  that 
are  130  nanometers  (nm)  wide.  Future 
generations,  coming  at  two-year  inter¬ 
vals,  will  shrink  that  to  15  nm  or  so  — 
about  as  low  as  you  can  go  in  silicon. 
Getting  there  won’t  be  easy. 

“As  we  go  from  130  nm  to  90  nm  to 
65  nm  and  then  to  42  nm,  the  standby 
power  dissipation  is  the  single  most 
important  problem  at  the  silicon  and 
circuit  design  level,”  says  IBM’s  Davari. 
The  leakage  of  power,  which  is  waste¬ 
ful  and  generates  heat,  increases  “dra¬ 
matically,  exponentially,”  he  says. 


IBM  and  other  companies  are  turning 
to  “strained  silicon,”  a  technique  that 
boosts  performance  and  lowers  power 
consumption  by  stretching  silicon  mol¬ 
ecules  farther  apart,  allowing  electrons 
to  flow  though  the  transistors  up  to  70% 
faster.  Chip  makers  are  also  experi¬ 
menting  with  new  materials  and  meth¬ 
ods  for  making  “gates”  —  which  con¬ 
trol  the  electrical  flow  through  a  tran¬ 
sistor  —  smaller,  faster  and  more  effi¬ 
cient.  “These  things  all  started  as  per¬ 
formance  solutions,  but  now  they  are 
solving  power  problems,”  Davari  says. 

Davari  says  IBM  may  eventually  ex¬ 
tend  its  existing  dual-core  architecture 
to  hundreds  of  processors  on  a  chip.  It 
will  also  integrate  dynamic  RAM  with 
logic  on  a  single  chip,  greatly  reducing 
CPU-memory  communication  delays, 
increasing  throughput  and  lowering 
power  consumption.  And  it  will  move 
application-specific  functions,  such  as 
encryption,  video  compression  or  speech 
processing,  from  software  or  off-chip 
hardware  to  the  processor  chip,  he  says. 

Dual-core  processor  chips  will  bring 
performance  gains,  but  there  may  be 
cost  drawbacks,  Krewell  says.  The 
question  is  whether  software  vendors 
will  view  a  dual-core  processor  as  one 
or  two  processors  for  licensing  purpos¬ 
es.  “Intel  convinced  Microsoft  that  hy¬ 
perthreading  is  one  processor,  although 
it  looks  to  the  software  like  two  proces¬ 
sors,”  he  says.  “But  as  you  put  two  cores 
on  there,  then  four  cores,  will  vendors 
still  consider  it  one  processor?”  I 


PROCESSOR  RROCNOSTICATIOHS 

Read  a  forecast  of  how  the  competition  among  micro¬ 
processor  vendors  will  play  out  over  the  next  few  years: 
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High-end  servers  today  con¬ 
tain  64-bit  processors,  while 
desktops  and  notebooks  run 
32-bit  CPUs,  as  do  many  low-end  servers.  Most  servers  need,  or  would 
at  least  benefit  from,  the  4GB-plus  memories  that  a  64-bit  address 
space  permits.  Vendors  disagree  on  the  timing,  but  it’s  reasonable  to 
think  that  desktop  PC  users  will  someday  also  want  4GB  of  memory. 

It  will  be  more  than  five  years  before  desktop  PCs  are  routinely  pow¬ 
ered  by  64-bit  processors,  says  Justin  Rattner,  director  of  micro¬ 
processor  research  at  Intel.  In  the  meantime,  Intel’s  64-bit  Itanium 
line  for  servers  and  the  32-bit  x86-based  processors  for  desktops 
and  notebooks  will  move  ahead  independently. 

In  contrast,  Advanced  Micro  Devices  Inc.  says  it  will  move  its  en¬ 
tire  line  of  microprocessors  to  64  bits  in  2004.  Its  new  Opteron  chip 
for  servers,  to  be  introduced  next  month,  will  be  able  to  run  both  32- 
and  64-bit  software.  Servers  with  32-bit  processors  will  be  obsolete 
in  a  year,  and  desktop  users  will  want  64  bits  in  three  to  five  years, 
“when  4GB  of  memory  will  be  pretty  cheap,"  says  Fred  Weber,  chief 
technology  officer  for  computation  products  at  AMD. 

The  companies’  different  outlooks  on  the  migration  to  64  bits  can 


perhaps  be  explained  by  their  very  different  processor  architectures. 
AMD  has  built  instruction-set  compatibility  between  its  32-bit  proc¬ 
essors  and  its  64-bit  processors.  Code  can  be  easily  ported  from  one 
to  the  other  and  will  perform  well  on  either,  AMD  says.  IBM  and  Sun 
have  built  a  similar  compatibility  into  their  32-  and  64-bit  processors. 
Intel  chose  to  go  a  different  route:  The  64-bit  Itanium  line  is  an  entire¬ 
ly  new  architecture  with  a  different  instruction  set  from  the  old  x86 
architecture,  which  the  company  now  calls  IA32.  The  Itanium  per¬ 
forms  poorly  in  32-bit-emulation  mode,  analysts  say,  and  code  can’t 
be  ported  from  IA32  to  Itanium  without  recompiling  and  testing. 

“If  you  are  moving  from  x86  to  Itanium,  it’s  a  big  job,”  says  Kevin 
Krewell,  editor  of  “Microprocessor  Report.”  “That's  why  Intel  has 
been  helping  -  with  a  lot  of  development  money  -  software  vendors 
to  recompile  for  Itanium.” 

Nevertheless,  he  says,  there  are  advantages  to  Intel’s  separate 
architectures:  Banias  for  mobile,  Pentium  for  desktop  PCs,  Xeon  for 
workstations  and  low-end  servers,  and  Itanium  for  larger  servers. 
Each  can  be  tailored  and  tuned  to  meet  different  objectives.  The 
much-smaller  AMD  can't  afford  to  do  that,  Krewell  says. 

-GaryH.Anthes 
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WANTRAFFIC 


Quaker  chemical  Corp. 

faced  a  dilemma.  The  Con- 
shohocken,  Pa.-based  compa¬ 
ny  wanted  to  bring  a  band- 
width-intensive  enterprise 
resource  planning  (ERP)  sys¬ 
tem  online  without  making  costly  up¬ 
grades  to  its  frame-relay  links  between 
five  locations  in  Europe  and  the  U.S. 

So  Bubba  Tyler,  vice  president  and 
CIO,  tried  installing  wide-area  net¬ 
work  traffic-compression 
appliances  in  each  loca¬ 
tion.  The  devices  freed  up 
enough  bandwidth  to 
meet  the  needs  of  the  ERP  application. 
In  fact,  they  performed  so  well  that 
Tyler  is  considering  reducing  the  size 
of  the  existing  connections. 

Companies  with  far-flung  operations 
are  increasingly  turning  to  traffic  com¬ 
pression  appliances  as  lower-cost  al¬ 
ternatives  to  upgrading  the  bandwidth 
of  WAN  links.  The  technology  behind 
these  appliances  isn’t  all  new,  but  cor¬ 
porate  IT  budget  constraints  and  a  re¬ 
turn  on  investment  in  as  short  a  time 


as  one  year  have  made  the  devices  an 
increasingly  attractive  option. 

Some  of  the  compression  algorithms 
used  in  these  appliances  have  been 
around  for  a  decade  or  more  and  have 
been  available  as  add-on  software  or 
hardware  to  WAN  routers  from  Cisco 
Systems  Inc.  and  others.  For  example,  a 
compression  card  can  be  added  to  Cis¬ 
co’s  2600  router  for  $995  or  to  its  3660 
and  3700  series  routers  for  $2,000. 

But  with  IT  focusing  on  cost  savings, 
several  small  WAN  compression  appli¬ 
ance  vendors  have  jumped  in  with 
plug-and-play  products  that  they  claim 
are  more  efficient  and  easier  to  config¬ 
ure.  The  vendors  claim  that  their  tools 
improve  throughput  by  a  factor  of  two 
to  10  and  boast  higher  compression 
rates  than  compression-enabled 
switches. 

Cisco  dismisses  the  claims.  “We’ve 
seen  interest  in  compression  for  years 
but  have  never  seen  the  market  take 
off,”  says  Kip  Sides,  manager  of  prod¬ 
uct  marketing  at  Cisco.  The  reason:  the 
“expense  of  deploying  and  managing 


WAN  traffic-compression  devices 
can  free  up  bandwidth  on  busy  links, 
eliminating  expensive  service 
upgrades.  By  Matt  Hamblen 

COMBESSION 


it,  and  the  benefits  aren’t  really  that 
significant,”  he  says.  “We  could,  over 
time,  see  a  reasonable  benefit  to  new 
technologies,  but  we  are  skeptical.” 

Some  users  and  analysts  disagree. 
Cisco  seems  focused  on  providing  big¬ 
ger,  more  comprehensive  networking 
platforms  rather  than  compression 
add-ons,  says  Mark  Fabbi,  an  analyst  at 
Gartner  Inc.  in  Stamford,  Conn. 

Quaker  Chemical’s  Tyler  says  he 
didn’t  want  to  go  through  the  time  and 
complexity  of  setting  up  his  Cisco  gear 
for  compression,  opting  instead  for  ap¬ 
pliances  from  Peribit  Networks  Inc.  in 
Santa  Clara,  Calif.  “We  could  spend 
days  or  maybe  weeks  tuning  the  Cisco 
switches  and  have  to  use  other  equip¬ 
ment  to  do  the  analysis,  or  we  could 
just  plug  in  the  [Peribit]  SR-50s  and  be 
up  and  running,”  he  says. 

The  results  speak  for  themselves, 
says  Tyler.  “We  now  estimate  we  won’t 
have  to  add  any  bandwidth  for  our  on¬ 
going  growth  in  the  ERP  and  other  ap¬ 
plications  we  have  on  the  drawing 
board,”  he  says.  Instead,  Tyler  is  con¬ 
sidering  reducing  the  committed  infor¬ 
mation  rate  on  some  frame-relay  links, 
which  currently  range  from  256K  to 
1.44M  bit/sec.  The  SR-50  appliances 
sell  for  $6,000  each,  but  he  says  it 
would  have  cost  him  three  to  five 
times  that  amount  to  increase  band¬ 
width,  depending  on  the  link. 

GeoLogistics  Corp.  connected  29 
branch  offices  to  its  global  data  center 
in  England  using  Accelerator  1800  de- 
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To  accommodate  a  new,  bandwidth- 
hungry  ERP  application,  Quaker  in¬ 
stalled  Peribit  SR-50  series  compres¬ 
sion  appliances  across  its  frame-relay 
network.  Now,  instead  of  increasing 
link  speeds,  the  company  is  considering 
reducing  them. 


vices  from  Expand  Networks  Inc.  at 
each  site  and  two  Accelerator  4800 
boxes  at  the  data  center,  says  interna¬ 
tional  network  manager  Morey  Straus. 
The  Santa  Ana,  Calif.-based  global 
freight  logistics  provider  began  adding 
the  devices  from  Roseland,  N.J.-based 
Expand  in  2001,  when  bandwidth  de¬ 
mands  started  rising  as  as  result  of  a 
move  from  dumb  terminals  to  PCs  and 
thin  clients. 

“When  I  first  heard  about  Expand, 
my  initial  reaction  was  that  it  was 
probably  just  more  Cisco  compression, 
which  gives  you  maybe  a  15%  improve¬ 
ment,”  says  Straus.  “But  with  Expand, 
we’ve  been  getting  between  three  to 
four  and  a  half  times  the  throughput. 
It’s  a  world  away  from  Cisco  compres¬ 
sion.”  Straus  says  the  system  paid  for 
itself  in  three  months.  His  average  cost 
to  double  the  port  speed  from  64K  to 
128K  bit/sec.  on  one  link  was  $8,000. 

He  equipped  each  site  with  an  Expand 
appliance  for  less  than  $2,000;  the  two 
boxes  at  the  data  center  cost  $20,000. 

Dreyer  Medical  Clinic  in  Aurora,  Ill., 
deployed  Accelerator  boxes  on  each 
end  of  four  56K  bit/sec.  point-to-point 
circuits  in  northeastern  Illinois,  says 
Stephen  Hart,  network  and  systems  ad¬ 
ministrator. 

“We  didn’t  want  to  upgrade  the 
lines,  since  it  costs  from  $600  to  $2,300 
a  month  to  install  a  Tl,”  he  says.  The 
eight  appliances,  which  have  been  de¬ 
ployed  for  about  two  years,  cost 
$12,000,  plus  $250  annually  per  appli¬ 
ance  for  support,  he  says.  Hart  says  the 
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boxes  paid  for  themselves  in  less  than 
one  year. 

Dreyer  has  since  installed  Citrix  Sys¬ 
tems  Inc.  thin-client  applications, 
which  he  says  could  be  a  “network 
hog,”  but  the  system  has  been  able  to 
support  that,  he  says.  “We  get  up  to 
nine  times  the  performance  increase, 
and  there  are  no  data  integrity  issues,” 
he  notes.  Most  users  have  no  idea  the 
system  is  in  place,  he  says.  “I  never  get 
a  call  saying  the  system  is  running  fast 
today,  but  it  prevents  a  slowdown.” 

The  Secret  Sauce 

All  the  vendors  use  similar  technolo¬ 
gies  that  find  common  bit  or  byte  pat¬ 
terns,  replace  them  with  much  shorter 
markers  that  refer  to  the  original  data 
and  transmit  those  to  the  recipient.  All 
appliances  expand  on  older,  well- 
established  compression  technologies 
such  as  Lempel-Ziv-Stac,  named  after 
its  creators.  But  that  doesn’t  mean  the 
appliances  are  standardized  —  or  in¬ 
teroperable.  Current  offerings  require 
the  installation  of  identical  compres¬ 
sion  appliances  on  each  end  of  a  WAN 
link,  usually  inside  the  corporate  fire¬ 
wall,  to  avoid  security  problems. 

Expand  uses  at  least  two  different 
compression  algorithms.  Its  appliances 
sort  headers  by  type  of  traffic,  such  as 
file  transfer  protocol,  and  remove  re¬ 
dundant  information  common  to  each 
traffic  type.  They  then  use  a  bit  pat¬ 
tern-recognition  algorithm  that  deter¬ 
mines  data  stream  patterns  and  caches 
those  on  both  sides  of  the  WAN. 


Peribit  has  patented  a  technique  it 
calls  Molecular  Sequence  Reduction 
(MSR)  that’s  based  on  pattern-recogni¬ 
tion  algorithms  previously  used  to 
study  DNA,  says  Amit  Singh,  Peribit’s 
co-founder  and  chief  scientist.  He 
claims  that  MSR  holds  tens  to  hun¬ 
dreds  of  megabytes  of  patterns,  while 
other  devices  examine  only  a  2KB  win¬ 
dow  of  data  before  moving  to  the  next 
window.  MSR  also  has  a  built-in  “adap¬ 
tive  dictionary”  of  patterns  that  puts 
greater  value  on  the  most  frequent  and 
largest  patterns  seen  in  data  streams. 

Peribit  makes  the  highest  perfor¬ 
mance  claims,  but  analysts  are  dubious 
about  the  company’s  claims  of  techno¬ 
logical  superiority.  “Peribit  has  made 


lots  of  noise  about  its  DNA  connec¬ 
tion,  but  its  technology  is  not  signifi¬ 
cantly  different  than  Expand’s,  [and] 
Expand  has  been  more  successful  with 
customers,”  says  Thomas  Mendel,  an 
analyst  at  Giga  Information  Group  Inc. 
in  Cambridge,  Mass.  Expand’s  aggres¬ 
sive  pricing  may  help  explain  that. 
Peribit  responded  in  January  with  the 
introduction  of  a  new  low-end  model, 
the  $2,900  SR-20. 

WAN  traffic  appliances  remain  a 
niche  market  dominated  by  small  play¬ 
ers.  Peribit  has  been  shipping  products 
for  just  15  months  and  boasts  100  cus¬ 
tomers  worldwide,  and  Expand  claims 
to  have  more  than  500  customers. 

Both  vendors  and  analysts  expect 
more  users  to  turn  to  these  devices, 
but  they  differ  in  growth  estimates.  Jef 
Graham,  president  and  CEO  of  Peribit, 
expects  WAN  traffic-compression 
sales  to  shoot  to  $5  billion  in  coming 
years.  “That’s  overstated  by  a  magni¬ 
tude  of  10  or  more,”  counters  Fabbi. 
Mendel  puts  that  market,  which  is 
mainly  held  by  Peribit  and  Expand,  at 
about  $20  million,  and  he  says  it  will 
expand  to  $50  million  in  mid-2004. 

But  Mendel  also  warns  that  the 
vendor  landscape  could  completely 
change  in  the  next  two  years.  He  ex¬ 
pects  the  market  for  stand-alone  com¬ 
pression  appliances  to  last  perhaps  an¬ 
other  two  years  before  the  functions 
are  absorbed  into  the  next  generation 
of  routers  offered  by  Cisco  and  others. 
That  means  an  IT  manager  should  de¬ 
ploy  only  if  he  expects  an  ROI  in  a  year 
or  less.  “If  you  can’t  calculate  an  ROI  of 
12  months  or  less,  don’t  do  it,”  he  says.  ► 

COMPRESSION  DECISION 

Quaker's  Bubba  Tyler  discusses  the  pros  and  cons: 
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Compression  Appliance  Offerings 

Peribit  Networks  Inc. 

ITWorx  Inc. 

Santa  Clara,  Calif., 

Burlington,  Mass. 

www.peribit.com/ 

www.itworx.com 

Peribit  claims  its  SR  series  rack-mounted 

NetCelera  starts  at  $2,500  for  a  64K  bit/sec. 

appliances  can  improve  capacity  by  a  factor 

connection  and  supports  up  to  45M  bit/sec. 

of  up  to  10.  The  SR-20  supports  sub-512  K 

links.  ITWorx  claims  it  can  improve  capacity 

bit/sec.  circuits:  the  SR-50  and  55  support  up 

by  a  factor  of  up  to  10. 

to  2M  bit/sec.  Pricing  starts  at  52,900. 

Packeteer  Inc. 

Expand  Networks  Inc. 

Cupertino,  Calif. 

Roseland,  N.J. 

:  www.packeteer.com/ 

www.expand.com/ 

With  PacketShaper  Xpress,  Packeteer  has 

Accelerator  series  pricing  starts  at  $2,000. 

added  acceleration  capabilities  to  its  Packet- 

Expand  claims  up  to  a  three  and  a  half  times 

Shaper  route  optimization  line.  Prices  start  at 

capacity  improvement. 

S5.000  for  a  128K  bit/sec.  connection. 
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hen  Bad  Thinas 
Happen  to  Goo 

A  slick  security  product  demonstration 
only  serves  to  prove  that  vendors  often 
don't  think  enough  about  what  security 
managers  need.  By  Vince  Tuesday 


emls 


HOW  MUCH  MONEY  do 
you  have  in  your  bud¬ 
get?  You  have  to  be 
aware  that  this  is  very 
expensive  software.” 

Ah,  the  not-so-sweet  sound 
of  the  sales  pitch. 

Much  of  my  work  as  a  secu¬ 
rity  manager  is  like  that  of  a 
juggler,  always  keeping  balls 
in  the  air.  My  daily 
goal  is  to  deal  with 
the  next  falling  ball, 
be  it  a  virus  attack, 
a  new  e-commerce 
project  or  some  sus¬ 
pected  abuse. 

This  week,  howev¬ 
er,  I  was  able  to  lift  my  gaze 
for  a  few  days  to  think  about 
future  needs  and  meet  with 
vendors.  And  once  again,  a 
slick  product  demonstration 
showed  all  too  clearly  one 
vendor’s  fundamental  inability 
to  understand  our  needs. 

Two  Challenges 

We  are  meeting  with  vendors 
to  address  two  challenges. 
First,  we  need  to  better  man¬ 
age  the  volume  of  security 
data  we  gather.  Our  antivirus 
applications,  vulnerability 
data,  intrusion-detection  sys¬ 
tems,  Firewalls,  routers,  oper¬ 
ating  systems  and  everything 
else  we  touch  produce  valu¬ 
able  security  data,  but  in  dif¬ 
ferent  formats. 

It’s  expensive  to  train  our 
staff  to  understand  this  mod¬ 
ern-day  Tower  of  Babel,  and 
it  takes  up  costly  extra  time 
when  we  must  deal  with  inci¬ 
dents.  If  we  could  automati¬ 
cally  translate  and  link  securi¬ 
ty  events,  we  would  reduce 
costs  and  further  improve 
our  defenses. 


The  second  challenge  is  to 
step  up  monitoring  beyond 
our  signature-based  approach 
to  detect  unusual  or  anom¬ 
alous  behavior  that  doesn’t 
match  a  known  signature.  Giv¬ 
en  that  the  SQL  Slammer 
worm  is  reported  to  have  tak¬ 
en  less  than  10  minutes  to  in¬ 
fect  every  vulnerable  system 
on  the  planet,  it’s 
clear  that  waiting 
for  an  update  from  a 
vendor  isn’t  going  to 
work  on  its  own. 

Pulling  together 
diverse  security  in¬ 
formation  is  a  com¬ 
mon  problem,  and  many  ven¬ 
dors  have  products  to  address 
it,  including  the  vendor  whose 
salesman  finished  up  his  ses¬ 
sion  with  that  pitch  I  quoted 
in  the  beginning  of  this  article. 
I  looked  into  this  area  a  few 
years  ago,  and  the  products 
were  very  immature.  I  was 
hoping  that  the  latest  versions 
would  have  something  inter¬ 
esting  to  offer. 

We  invited  several  vendors 


The  product  ran  and 
worked,  which  in 
some  ways  was  the 
curse  of  their  presen¬ 
tation.  If  they  had 
stuck  with  PowerPoint 
screenshots,  we 
wouldn’t  have  seen 
what  made  the  whole 
thing  useless  to  us. 


to  demonstrate  how  their  soft¬ 
ware  could  save  us  time,  effort 
and  cost. 

The  vendor  I  mentioned 
previously  certainly  put  on  a 
good  show.  Its  salespeople  ar¬ 
rived  with  an  entire  network 
in  a  suitcase  and  proceeded  to 
unpack  and  set  up  servers, 
clients  and  a  hub.  The  product 
ran  and  worked,  which  in 
some  ways  was  the  curse  of 
their  presentation.  If  they  had 
stuck  with  PowerPoint  screen- 
shots,  we  wouldn’t  have  seen 
what  made  the  whole  thing 
useless  to  us. 

Poor  Display 

The  tool  pulled  in  an  enor¬ 
mous  range  of  data,  stored  it 
in  a  database,  correlated  root 
causes  and  generated  alerts  on 
them.  It  sounded  good. 

However,  the  front-end  soft¬ 
ware  had  an  awful  graphical 
user  interface.  It  was  clunky 
and  slow  —  an  unpleasant 
thing  to  force  on  my  analysts, 
who  would  use  it  day  in  and 
day  out. 

The  procedure  that  ad¬ 
dressed  the  detection  of  corre¬ 
lated  events  was  particularly 
bad.  A  window  popped  up  that 
displayed  an  identification. 

But  when  I’m  presented  with 
an  alert  indicating  that  a 
whole  series  of  linked  things 
has  happened,  I  want  to  see 
the  details  of  all  the  underly¬ 
ing  events  and  the  reasoning 
used  to  link  them,  so  I  can  un¬ 
derstand  how  to  respond.  The 
sales  team  understood  this,  so 
they  had  cut  and  pasted  the  ID 
into  a  SQL  report  and  run  a  re¬ 
port  against  the  database. 

But  the  whole  point  of  this 
application  was  to  reduce  my 
team’s  manual  work.  Why 
couldn’t  we  just  click?  Appar¬ 
ently,  we  could  add  our  own 
scripts  to  take  the  action  we 
wanted  when  an  ID  was 
raised. 

But  isn’t  the  point  of  buying 


software  to  get  something  that 
does  the  work  for  me?  If  I 
wanted  a  framework,  I’d  just 
send  all  the  money  I  have  to 
BMC  or  Tivoli. 

Then  came  the  deal-killer.  If 
you  wanted  to  see  whether 
new  events  had  occurred 
within  that  correlation,  the 
tool  couldn’t  tell  you.  Instead, 
you  had  to  rerun  the  report.  So 
you  might  get  an  ID  for  a  few 
innocuous  linked  events  and 
discount  it,  and  unless  you 
continually  reran  the  report  to 
check,  a  bunch  of  horrible 
events  could  be  added  under 
your  nose.  My  team  has 
enough  problems  keeping  up 
with  the  raw  data  without 
adding  another  layer  of  work. 

Not  to  worry,  though.  Ap¬ 
parently,  these  “minor”  issues 
will  be  resolved  in  the  next 
version.  If  a  product  saves  me 
a  lot  of  money,  then  I’ll  pay  a 
lot  for  it.  It’s  simple,  really.  In 
this  case,  I  don’t  have  to  worry 
how  expensive  this  tool  might 
be,  since  I  won’t  be  buying  it. 

It  looks  like  I  won’t  be  sav¬ 
ing  money  by  automating  our 
processes  just  yet.  I’m  sure 
some  managed-service  pro¬ 
viders  have  ways  to  do  this 
well.  But  since  that’s  the  core 
of  their  business,  I  doubt 
they’ll  sell  it  to  me  on  a  CD. 

Perhaps  the  new  generation 
of  anomaly-detection  software 
will  have  something  worth 
emptying  my  budget  into.  But 
I  had  best  be  off  to  meet  with 
more  vendors  before  all  those 
balls  I’m  juggling  start  coming 
back  down.  I 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Vince  Tuesday,”  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  vince. 
tuesday@hushmail.com,  or  join  the  dis¬ 
cussion  in  our  forum: 

QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to: 

O  computerworld.com/secjournal 
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Security  Bookshelf 

Network  Security 
Principles  and 
Practices,  by  Saadat 
Malik,  Cisco  Press, 

2002 

This  774-page  tome  is 
a  detailed  technical 
guide  to  protecting 
and  managing  large 
networks.  It  covers  protecting 
Cisco  Systems  Inc.  devices 
and  managing  and  configuring 
firewalls,  virtual  private  net¬ 
works  and  Intrusion-detection 
systems.  It  also  discusses  how 
large  networks  and  Internet 
service  providers  can  protect 
against  distributed  denial-of- 
service  attacks.  I  found  the 
guide  to  troubleshooting  in¬ 
stallations  particularly  useful. 

The  book  covers  only  Cisco 
products,  but  much  of  the 
guidance  is  applicable  to  other 
companies’  wares.  It's  a  must- 
read  if  you’re  considering  tak¬ 
ing  security-related  Cisco  Cer¬ 
tified  Internetworking  exams.  I 
would  also  recommend  it  to 
anyone  involved  in  the  techni¬ 
cal  details  of  protecting  large 
networks. 

-  Vince  Tuesday 


StillSecure 
Does  Desktops 

Latis  Networks  Inc.  in  Superi¬ 
or,  Colo.,  has  released  Version 
2.0  of  the  StillSecure  Vulnera¬ 
bility  and  Assessment  Man¬ 
agement  suite,  which  includes 
a  new  desktop  module  and 
helps  users  scan,  track  and 
manage  vulnerabilities  on  Win¬ 
dows  and  Macintosh  systems. 
Annual  pricing  starts  at  $895. 

New  Tool  Blocks 
Worm  Traffic 

Silicon  Defense  Inc.  an¬ 
nounced  CounterMalice,  a  tool 
that  monitors  and  blocks  net¬ 
work  traffic  associated  with 
worms.  Instead  of  relying  on 
worm  signatures,  the  product 
detects  and  blocks  suspicious 
traffic  patterns  at  the  network 
layer,  according  to  the  Eureka, 
Calif. -based  vendor.  Counter- 
Malice  ships  in  the  next  quar¬ 
ter;  pricing  starts  at  $25,000. 
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Find  confidence  in  the  midst  of  chaos. 


Focus  on  the  best  in  network  security,  every  step  of  the  way. 


Start  with  a  secure  foundation. 

Our  operating  system,  IPSO,  is  built  from  the  ground  up  for  security.  It  eliminates 
many  vulnerabilities  common  to  general-purpose  servers,  and  also  incorporates 
our  patented  IP  Clustering  technology.  Multiple  Nokia  security  appliances  can  be 
linked  as  one,  on  the  fly,  for  new  levels  of  performance,  reliability  and  scalability. 


Integrate  the  best  in  network  security  expertise. 

Partners  like  Check  Point  Software  Technologies,  Internet  Security  Systems  and  F5 
help  us  deliver  the  full  capabilities  of  their  VPN,  firewall,  intrusion  protection,  and 
Internet  traffic  management  applications.  To  learn  about  the  other  ways  we  give 
our  customers  greater  peace  of  mind,  just  visit  www.nokia.com/ipsecurity/na. 


IMOKIA 

Connecting  People 


Dell  |  Small  and  Medium  Business 

Your  business  has  unique  needs.  It  deserves  a  unique  solution.  From  PowerEdge  servers  featuring  Intel®  Xeorf 
processors  to  PowerVault  Storage  and  PowerConnect  Switches,  we  offer  tailored  solutions  to  meet  your  business  needs. 
And  of  course  it's  Dell,  so  you  know  you're  getting  the  latest  technology.  But  that's  only  half  of  the  story.  Dell  offers 
consulting  services  that  range  from  deployment  and  installation  to  training  and  certification.  All  from  one  source.  And 
everything  is  backed  by  thousands  of  service  and  support  people  at  your  beck  and  call,  on-site,  online  and  on  the  phone. 
Suddenly  your  IT  infrastructure  doesn't  seem  so  daunting.  Let  Dell's  one-of-a-kind  solutions  put  you  on  the  path  to 
one-of-a-kind  success. 


Dell  Rated  #1  in  Intel-Based  Server  Satisfaction 

Technology  Business  Research 
Corporate  IT  Buying  Behavior  and  Customer  Satisfaction  Study 

Third  Quarter  2002 
-  December  2002 
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Pricing.  specifications,  availability  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary  and  not  subject  to  discounts  U.S  Dell  Small  Business  new  purchases  only  Dell  cannot  be  held  responsible  for  errors  in  typography  or  photography, 

'This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not.  and  may  not  be.  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained. 

Se>  -  .ce  may  he  provided  by  third  party  Technician  will  be  dispatched  following  phone-based  troubleshooting  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract.  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell.  U.S.  only  'For  hard  drives.  GB  means 
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Remote  Office  &  File/Print  Sharing  Web  Server 


Database 


PowerEdge™  600SC  Server 

Entry-Level  Server  with  Performance  Features 

•  Intel* *  Pentium*  4  Processor  at  2.40GHz 

•  128MB  200MHz  ECC  DDR  SDRAM 

•  Upgradeable  to  4GB  of  Memory 

•  36GB5  (1  OK  RPM)  SCSI  Hard  Drive  (Up  to  146GB5  HD  Avail) 

•  Upgradeable  to  584GB5  of  Internal  Hard  Drive  Storage 

•  Embedded  Intel*  PRO  Gigabit*  NIC 

•  Five  PCI  Expandability  Slots  (4-64/33MHz,  1-32/33MHz| 

•  Embedded  Systems  Mgmt  Devices  for  Error  Detection 

•  1-Vr  24x7  Dedicated  Server  Phone  Tech  Support 

•  1-Vr  Next  Business  Day  On-Site  Service’ 


$649 


as  low  as  $18/mo„  (46  prats?1) 

E-VALUE  Code:  17252-S20306s 


PowerEdge™  1650  Server 

Highly  Available  1U  Rack-Optimized  Server 

•  Intel*  Pentium*  III  Processor  at  1 .1 3GHz 

•  Dual  Processor  Capable 

•  256MB  133MHz  ECC  SDRAM  (Up  to  4GB) 

•  36GB5  (1  OK  RPM)  SCSI  Hard  Drive  (Up  to  146GB5  HD  Avail) 

•  Upgradeable  to  438GB  of  Internal  Hard  Drive  Storage 

•  Dual-Embedded  Intel*  PRO  Gigabit*  NICs 

•  Two  PCI  Expandability  Slots  (2-64/66MHz) 

•  Hot-Swap  Redundant  Cooling  Fans 

•  3-Yr  Next  Business  Day  On-Site  Service’ 

•  Small  Business  Pricing 


$1299 


as  low  as  $35/mo„  (46  pmts?1) 

E-VALUE  Code:  17252-S20312s 


PowerEdge™  2650  Server 

2U  Scalable  Rack  Server  with  High  Processing  Power 

•  Intel®  Xeon"  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon”  Processor  Capable  (Up  to  2.80GHz) 

•  256MB  200MHz  ECC  DDR  SDRAM  (Up  to  6GB) 

•  36GB5  (10K  RPM)  SCSI  Hard  Drive  (Up  to  146GB5  HD  Avail) 

•  Upgradeable  to  730GB5  of  Internal  Hard  Drive  Storage 

•  Dual-Embedded  Gigabit*  NICs 

•  Dual-Channel  Integrated  SCSI  Controller 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day,  On-Site  Service’ 

•  Small  Business  Pricing 


$1799 


as  low  as  $49/mo„  (46  prats*1) 

E-VALUE  Code:  17252-S20317s 


For  a  complete  server  solution  we  recommend  these  additions: 

•  PowerConnect  2016 16-Port  Ethernet  Switch,  add  $119 

•  PV100T-TR5  Tape  Back-Up.  add  $199 


For  a  complete  server  solution  we  recommend  these  additions: 

•  PowerConnect  3024*  Managed  24+2GB  Switch,  add  $599 

•  Custom-Install  Site  Survey,  add  $199 


For  a  complete  server  solution  we  recommend  these  additions: 

•  PowerConnect  3248*  Managed  48+266  Switch,  add  S999 

•  PowerVault  112T-DDS4  (Dual  Drive  Capable) 

Tape  Back-Up,  add  $1499 


The  answers  you  need.  Easy  as 
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Presence 

Technology 

DEFINITION 

H  Presence  technology  allows  a  network  user  to  know  tl 
k  when  another  user  is  connected  to  the  network  and  fa 
U  thus  available  to  receive  and  immediately  answer  a  i| 
ll  communication.  Instant  messaging,  pioneered  by 
T  America  Online,  is  the  first  and  best-known  example  jl 
H  of  a  presence  technology  Sjj 


BY  RUSSELL  KAY 

N  TODAY’S  INFORMATION 
economy,  digital  technolo¬ 
gies  let  us  easily  communi¬ 
cate  with  colleagues  and 
customers  around  the 
world.  E-mail  has  giv¬ 
en  us  an  asynchronous 
communications 
medium  that  helps 
free  us  from  the  stric¬ 
tures  of  time-zone  differences. 
We  can  send  a  message  at  any 
time  and  get  a  reply  at  the  oth¬ 
er  person’s  convenience. 

But  there  can  be  times  when 
we  may  need  a  quick  answer 
from,  say,  any  of  a  dozen  peo¬ 
ple,  and  it  takes  a  while  just  to 
find  one  of  that  dozen  who  is 
available. 


With  the  growing  use  of  in¬ 
stant  messaging  (IM)  technol¬ 
ogy,  such  as  America  Online 
Inc.’s  AOL  Instant  Messenger 
(AIM)  and  Microsoft  Corp.’s 
Messenger  services, 
we  now  have  a  better 
alternative. 

If  we  have  those 
dozen  people  on  our 
“buddy  list,”  we  can 
tell  at  a  glance  if  any  of  their 
computers  are  logged  onto  the 
network  and  whether  they’ve 
been  active  recently.  We  can 
tell  if  Judy  in  engineering  is 
open  to  communications,  and 
we  can  send  her  a  quick  IM  to 
ask  a  question.  Her  reply  by 
IM  or  phone  can  resolve  the 
problem  efficiently. 


Although  AIM  started  as  a 
consumer-grade  technology,  it 
was  quickly  adopted  by  many 
businesses  that  saw  its  advan¬ 
tages  in  enabling  quick  com¬ 
munications  and  providing 
presence  information. 

The  rapid  growth  in  its  use 
brought  competition,  notably 
from  Microsoft  and  Yahoo 
Inc.,  which  made  their  own 
products  that  interoperated 
with  the  AIM  servers.  How¬ 
ever,  AOL  soon  managed  to 
shut  them  out,  and  the  result 
for  the  past  several  years  has 
been  a  plurality  of  competing 
networks  of  IM  products  that 
can’t  talk  to  one  another. 

Compatibility?  Interoper¬ 
ability?  Standards?  Not  yet, 


but  there’s  hope  for  the  near 
future  (see  box  below).  One 
potential  complication  is  that 
in  September  2002,  AOL  re¬ 
ceived  a  U.S.  patent  on  IM 
technology.  To  date,  AOL  has 
given  no  indication  that  it  in¬ 
tends  to  charge  its  competi¬ 
tors  with  infringement. 

A  Wider  Presence 

The  traditional  model  of  IM  is 
widening  rapidly  as  more 
people  carry  handheld  wire¬ 
less  devices  and  as  cellular 
telephones  perform  more 
functions. 

LM  Ericsson  Telephone  Co., 
Motorola  Inc.  and  Nokia  Corp. 
formed  the  Wireless  Village 
Initiative  to  build  presence 
technology  into  their  mobile- 
phone  services  (also  called 
m-presence  capability).  Offi¬ 
cially  known  as  the  Instant 
Messaging  and  Presence  Ser¬ 
vices  Solution  (IMPS),  this 
should  let  users  know  if  the 
people  they’re  trying  to  con¬ 
tact  are  available,  even  before 
they  pick  up  the  phone.  You’ll 
only  have  to  push  a  few  but¬ 
tons  to  see  if  the  other  per¬ 
son’s  phone  is  turned  on  and  if 
that  person  is  on  the  phone,  in 
a  meeting  or  even  at  lunch. 

There’s  even  discussion  of 
using  Global  Positioning  Sys¬ 
tem  technology  in  future  ver¬ 
sions  of  m-presence  to  let  you 
know  where  a  person  is  even 
before  you  make  the  phone 
call.  This  is  similar  to  recent 
moves  to  incorporate  location 
data  into  cell  phone  transmis¬ 
sions  for  law  enforcement  and 
public  safety  purposes. 

Once  that  capability  is  in 
place,  extending  it  to  other 
devices  and  other  inquiries  is 
a  potential  next  step.  But 
before  that  can  happen,  we 
need  more  and  better  inter¬ 
operability  among  messaging 
networks.  • 


Kay  is  a  Computerworld  con¬ 
tributing  writer  in  Worcester, 
Mass.  You  may  contact  him  at 
russkay@charter.net. 


Are  there  technologies  or  issues  you’d  like 
to  learn  about  in  QuickStudy?  Send  your 
ideas  to  quickstudy@computerworld.com 

To  find  a  complete  archive  of  our 
QuickStudies,  go  online  to 
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Standardizing  IM  and  Presence 


THOUGH  MANY  INTERNET  stan¬ 
dards  make  IM  and  presence 
technology  possible,  there  aren’t 
yet  any  definitive  standards 
across  the  industry.  However,  the 
incompatibility  of  current  IM  prod¬ 
ucts,  which  has  resulted  in  three 
major  silos  of  users,  may  be  com¬ 
ing  to  an  end. 

The  Internet  Engineering  Task 
Force's  (IETF)  recently  approved 
a  new  working  group  to  focus  on 
the  Extensible  Messaging  and 


Presence  Protocol  (XMPP). 

According  to  the  group’s  char¬ 
ter  (on  the  Web  at  www.ietf.org/ 
html.charters/xmpp-charter.html), 
“XMPP  is  an  open,  XML-based 
protocol  for  near  real-time  exten¬ 
sible  messaging  and  presence. 

It’s  the  core  protocol  of  [Denver- 
based  Jabber  Inc.’s]  Jabber  In¬ 
stant  Messaging  and  Presence 
technology,  which  is  currently  de¬ 
ployed  on  thousands  of  servers 
across  the  Internet  and  is  used  by 


millions  of  people  worldwide.” 

Session  Initiation  Protocol 
(SIP),  a  signaling  standard  for  set¬ 
ting  up  and  managing  communi¬ 
cations  sessions  between  differ¬ 
ent  media,  is  one  of  two  key  pro¬ 
tocols  for  presence  technology 
[QuickLink  35318], 

The  other  important  protocol  is 
SIP  for  Instant  Messaging  and 
Presence  Leveraging  Extensions, 
which  isn’t  yet  an  IETF  standard 
but  still  serves  as  a  uniform  way  to 
add  presence. 

-Russell  Kay 


Getting  the 
Messaging 

PUBLIC  SERVICES:  These 
include  AOL  Instant  Messen¬ 
ger,  MSN  Messenger  and 
Yahoo  Messenger.  These 
products: 

■  Are  available  to  everybody, 
ss  Are  often  free. 

■  Use  a  centralized,  third-par¬ 
ty  server  to  relay  messages. 

PRIVATE  SERVICES:  These 
three  providers  of  public  IM 
systems  also  have  enterprise 
versions  designed  for  corpo¬ 
rate  use:  AOL  Enterprise  AIM, 
Yahoo  Messenger  Enterprise 
Edition  and  Microsoft  Mes¬ 
senger  Connect  for  Enterpris¬ 
es.  These  products  offer: 

&  Secure  IM 

■  Message  logging 

*  Enterprise-class  service 
a  Corporate  control  of  mes¬ 
saging  servers  and  policies 

COLLABORATION  TOOLS: 

These  collaboration  systems 
include  presence  technology: 

■  IBM  Lotus  Sametime 
software 

■  Groove  Networks  Inc.’s 
Groove  Workspace 

■  Microsoft’s  Windows 
Server  2003 

PRESENCE  TECHNOLOGY 
PRODUCT  VENDORS: 

■  Bantu  Inc. 

Washington 
www.bantu.com 
a  Comverse  Inc. 

Wakefield,  Mass. 
www.comverse.com 

■  Dynamicsoft  Inc. 

East  Hanover,  N.J. 
www.dynamicsoft.com 

■  FaceTime  Communica¬ 
tions  Inc.,  Foster  City,  Calif. 
www.facetime.com 

■  Invertix  Corp. 

Alexandria,  Va. 
www.invertix.com 

■  Jabber  Inc. 

Denver 

www.jabber.com 

■  NotePage  Inc. 

Hanover,  Mass. 
www.notepage.com 

■  Press  nceWorks  Inc. 

Alexandria,  Va. 
www.presenceworks.com 

■  Vayusphere  Inc. 

Mountain  View.  Calif. 
www.vayusphere.com 
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SCO  Group  Ships 
OpenServer  5.07 

The  SCO  Group  Inc.  has  released 
Version  5.0.7  of  its  OpenServer 
Unix  operating  system,  with  en¬ 
hanced  hardware  support,  inte¬ 
grated  open-source  tools  and  a 
new  SCO  Update  Service.  It’s 
available  in  Enterprise,  Host  and 
Desktop  versions  and  includes 
Universal  Serial  Bus  2.0  integra¬ 
tion  and  new  driver  support.  It 
supports  Intel  Corp.’s  Pentium  4 
and  Xeon  chips,  as  well  as  Athlon 
XP  and  MP  chips  from  Advanced 
Micro  Devices  Inc.  Lindon,  Utah- 
based  SCO  has  priced  the  operat¬ 
ing  system  starting  at  $699. 


Datastick  Rolls  Out 
Bluetooth  Software 

Datastick  Systems  Inc.  in  Santa 
Clara,  Calif.,  last  week  an¬ 
nounced  new  software  that  will 
use  Bluetooth  wireless  technolo¬ 
gy  to  connect  manufacturing- 
floor  sensors  to  Palm  Inc.  hand¬ 
helds.  The  software,  Datastick 
Connection  Plus  BT  for  ICHM, 
runs  on  Palm’s  Tungsten  T  and 
m500  series  handhelds  with 
Palm’s  Bluetooth  card.  The  soft¬ 
ware  is  available  on  a  Bluetooth- 
enabled  manufacturing-floor  sen¬ 
sor  from  Oceana  Sensor  Tech¬ 
nologies  Inc.  in  Virginia  Beach, 
Va.  Pricing  wasn’t  disclosed. 


Vendors  Bring 
Office  to  Linux 

Tarantella  Inc.  and  CodeWeavers 
Inc.  are  partnering  to  offer  secure 
Web  access  to  Microsoft  Office 
and  other  Windows  applications 
hosted  on  Linux  servers.  St.  Paul, 
Minn.-based  CodeWeavers  will 
offer  a  new  Internet-optimized 
version  of  CodeWeavers  Cross- 
Over  Office  Server  Edition,  which 
allows  Linux  to  run  Windows  ap¬ 
plications  in  a  distributed  thin- 
client  environment.  The  software 
will  be  available  next  month  as 
part  of  Tarantella’s  Enterprise  3. 
Pricing  starts  at  $2,380  for  25 
users  from  CodeWeavers  and 
$150  per  user  from  Santa  Cruz, 
Calif.-based  Tarantella. 


NICHOLAS  PETRELEY 


And  Here’s 
The  Pitch 


‘ELCOME,  FOLKS,  to  the  first  game 
of  the  software  World  Series,  with 
Microsoft  going  up  against  the  Cus¬ 
tomer.  I’m  Harv  Coney,  doing  the 
play-by-play  with  my  co-host,  Hank  Kee. 

“Bill  Gates  is  the  lead-off  hitter  for  Microsoft,  with 
Jean  Paoli  on  deck.  Bill  will  be  facing  right-hander 
Mark  Kett  tonight.  Mark  is  famous  for  his  Linux-ball, 
which  has  given  Gates  trouble  all  season.  What  do  you 
think  Bill’s  going  to  do  tonight,  Hank?” 

“It’s  hard  to  say,  Harv.  Bill  is  a  good  switch-hitter. 
Remember  back  in  1996  when  Microsoft  played  Unix 
Expo  in  New  York?  He  got  an  infield  single  by  saying 
Windows  NT  was  basically  the  same  thing  as  Unix. 


But  he’s  almost  sure  to  go 
for  a  Unix  slam  tonight.” 

“Here  comes  the  first 
pitch.  And  it’s  a  Linux-ball, 
high  and  inside.  Bill  swings 
and  misses  with  a  com¬ 
ment  about  how  hard  it 
was  for  Microsoft  to  com¬ 
pete  when  IBM  put  all  its 
resources  behind  OS/2!” 

“Wow,  I  don’t  think  any¬ 
one  saw  that  coming,  Harv. 

Everyone  knows  our  bat- 
boy  supported  OS/2  more 
than  IBM  did.” 

“Good  point,  Hank.  Now  here’s  the 
windup.  And  the  pitch.  Bill  swings  and 
misses  with  the  ‘too  many  incompati¬ 
ble  versions  of  Linux’  comment.  That’s 
Strike  2.  Kett  fidgets  on  the  mound. 
And  here’s  the  windup  for  the  0-2 
pitch.  He  fires  another  Linux-ball,  this 
time  straight  down  the  middle!  Bill 
hits  the  ball  down  the  left-field  line 
with  the  comment  that  ‘Linux  is  like 
Unix,  which  is  like  building  a  747  by 
committee.’ 

“Left  fielder  Reggie  Stir  gets  a  bead 


on  the  ball  and  catches  it 
easily  with  the  old  joke 
about  how  Windows  is  like 
an  attractive  plane  that  ex¬ 
plodes  in  midair  without 
warning.  One  out;  and  that 
brings  up  Jean  Paoli.” 

“Harv,  Jean’s  had  a  pretty 
good  batting  average 
against  the  press  with 
XML  this  year,  but  his 
overall  average  is  low,  es¬ 
pecially  against  pennant 
contenders.” 

“Here’s  the  first  pitch  to  Paoli.  It’s  a 
Linux-ball  low  and  outside  for  Ball  1. 
Kett  works  quickly;  he  winds  and 
deals.  It’s  an  OpenOffice  change-up. 
Paoli  swings  with  Office  11  and  hits  it 
right  to  the  shortstop,  Sunny  Micro  — 
who  boots  the  ball!  Paoli  rounds  first 
base  as  Sunny  finds  the  handle  and 
throws  it  to  Dot  Org  at  second.  Now 
the  runner’s  hung  up  between  first  and 
second!  He’s  got  nowhere  to  go,  and 
Dot  runs  him  down  and  tags  him  for 
the  second  out.” 

“I  suspected  Jean  might  get  himself 
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into  a  pickle.  If  he’s  lying  about  open¬ 
ing  up  the  Office  document  format, 
there’ll  be  a  backlash  from  customers. 
If  he  really  opens  up  the  document 
format,  the  free  OpenOffice  will  im¬ 
port  those  documents  and  draw  away 
customers.” 

“That’s  right,  Hank.  Well,  it’s  up  to 
the  next  batter,  Pat  Ent,  to  give  Micro¬ 
soft  a  little  life  this  inning.  Wait,  it 
looks  like  Microsoft  is  sending  in  Dee 
R.  Emm  to  pinch-hit  for  Pat.  Dee 
spends  most  of  her  free  time  promot¬ 
ing  digital  rights.” 

“Right  now  she  has  to  worry  about 
Kett’s  privacy-ball,  Harv.  She’s  been 
batting  under  .100  against  that  pitch  all 
season.  But  she’s  had  her  scouts  out 
researching  everything  they  can  find 
out  about  Mark  Kett  and  his  pitching 
strategy,  and  I  hear  she  has  a  pretty  de¬ 
tailed  database  on  Mark  —  including 
what  he  does  in  his  personal  life.” 

“Here  comes  the  first  pitch.  It’s  a 
Media  Player-ball  low  and  inside. 

Emm  hits  it  with  a  list  of  all  the  DVDs 
Kett  has  watched  over  the  past  six 
months,  but  it’s  out  of  reach  in  foul 
territory.  Kett’s  into  his  windup;  he  de¬ 
livers  —  and  it’s  way  out  of  the  strike 
zone.  Wow,  that  was  almost  a  wild 
pitch,  Hank.  Dee  seems  to  have  un¬ 
nerved  him  with  that  last  swing.” 

“Maybe  she  hasn’t  listed  all  of  the 
DVDs.” 

“Good  point,  Hank.  Now  Mark 
comes  back  with  the  privacy  pitch. 

Dee  hits  it  deep  into  center  field!  Go¬ 
ing,  going  —  gone!  And  it’s  1-0  Micro¬ 
soft,  in  the  top  of  the  first!” 

“Well,  Harv,  it  looks  like  there’s 
plenty  of  excitement  ahead.  We’ll  be 
right  back  after  this  word  from  our 
sponsor,  Microsoft.”  ► 


WANT  OUR  OPINION? 
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Want  to  cut  your  IT  costs  without  sacrificing 
performance?  PRIMEPOWER  Servers  from  Fujitsu. 

DThe  secret  is  out.  PRIMEPOWER™ Solaris™- compatible 
servers  from  Fujitsu®  deliver  a  major  breakthrough  in 
price/performance  compared  to  our  more  famous 
competition.  Want  proof?  PRIMEPOWER  servers  offer 
such  an  advantage  that  the  world’s  leading  com¬ 
panies  use  them  to  boost  their  performance.  And  there’s  a 
PRIMEPOWER  server  that’s  right  for  any  application  you  need— 
from  single  CPU,  rack-mounted  servers  to  enterprise-ready 
systems  that  scale  to  1 28  CPUs  for  unsurpassed  performance  in 
the  data  center. 

Of  course,  it’s  not  just  the  hardware  you’re  buying.  It’s  also 
Fujitsu’s  30+  years  of  experience  supporting  high-perform¬ 
ance,  mission-critical  systems.  We’ve  already  helped  many 
companies  consolidate  their  IT  infrastructures  and  lower  their 
Total  Cost  of  Ownership.  Our  free  white  paper,  The  Why  and 
How  of  Server  Consolidation,  explains  how.  Get  your  copy  at 
www.ftsi.fujitsu.com/ad.  Or  call  (877)  905-3644. 


Attend  our  webcast  to  learn  more: 
“Understanding  The  Role  of  Solaris  and 
Linux  Platforms  in  Tomorrow’s  Data  Centers: 
An  I  DC  Webcast.” 
www.ftsi.fujitsu.com/services/idc 
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All  or  Nothing 

General  Motors  farms  out  nearly  all 
of  its  IT  operations,  while  Bank  One 
has  brought  most  of  its  IT  work  back 
in-house.  Their  CIOs  tell  how 
business  needs  and  the  economy 
guided  their  IT  decisions.  Page  42 


Predictable  Surprises 

Many  disasters  are  preventable  if 
you  know  how  to  spot  them  coming, 
says  Michael  D.  Watkins,  who  wrote 
an  article  about  the  subject  in  this 
month’s  Harvard  Business  Review 
with  Max  H.  Bazerman.  Page  44 


OPINION 

Look  Before  You 
Leap  to  Outsource 

Do  your  homework  before 
signing  on  the  dotted  line, 
advises  columnist  Bart 
Perkins.  Page  46 


OUTSOURCING  IS  OFTEN  A  DIRTY  WORD 

among  the  IT  ranks,  but  CIO  George 
Lin  has  used  it  to  boost  morale  at  Doc- 
umentum  Inc.,  a  maker  of  enterprise 
content  management  software  in 
Pleasanton,  Calif. 

When  most  companies  outsource, 
Lin  says,  they  “keep  the  core  and  out¬ 
source  the  context.”  But  Lin  gives  em¬ 
ployee  satisfaction  equal  weight  in  the 
outsourcing  decision.  That  has  prompt 
ed  him  to  keep  in-house  some  areas 
that  many  would  consider 
“context”  and  outsource 
some  that  are  “core.” 

“If  everybody  else  is  out¬ 
sourcing  something,  maybe 
you  should  too,  but  it  really 
depends  from  company  to  company,” 
says  Lin,  whose  unconventional  ap¬ 
proach  has  made  his  IT  group  a  model 
for  out-of-the-box  thinking  at  the  com¬ 
pany. 

Lin  isn’t  alone.  Iconoclastic  IT  lead¬ 
ers  are  learning  that  when  it  comes  to 
outsourcing,  thinking  about  the  idio¬ 
syncrasies  of  your  business  is  much 
more  important  than  following  the 
rules.  For  example,  the  IT  help  desk  is 
often  the  first  thing  to  go  because  it 
plays  a  supporting  role  that’s  not  seen 
as  adding  value.  But  an  early  attempt  at 
outsourcing  taught  Lin  that  the  help 
desk  is  the  business’s  window  to  IT. 

“No  matter  how  good  your  back-end 
operation  is,  it’s  only  as  good  as  it’s 
perceived  at  the  help  desk,”  Lin  ex¬ 
plains.  “So  if  you  outsource  that  with¬ 
out  thinking  it  through,  you  can  create 
an  internal  perception  that  customers 
are  not  getting  the  best  service.” 

Lin’s  philosophy  also  led  him  to  out¬ 
source  Documentum’s  worldwide  net¬ 
work,  a  core  technology  for  the  compa¬ 
ny,  which  is  dispersed  geographically. 
Senior  network  engineer  Stan  Wolf 
was  spending  too  much  of  his  time 
manually  rerouting  traffic  among  com¬ 
pany  sites  when  the  Internet  or  frame- 
relay  network  connections  failed. 

“He  was  pulling  his  hair  out  trying  to 
keep  the  network  working,”  Lin  recalls. 
And  because  the  company  was  grow¬ 
ing  rapidly,  the  addition  of  more  sites 


OUTSOURCING 

WATCH 


would  soon  make  things  worse. 

Lin  outsourced  networking  responsi¬ 
bility  to  Virtela  Communications  Inc. 
in  Greenwood  Village,  Colo.,  which 
provides  and  manages  a  virtual  private 
network  across  39  Documen- 
tum  locations.  Each  site  now 
has  a  single  primary  con¬ 
nection  for  Internet  and 
wide-area  network  (WAN) 
access  and  a  fallback  Digital 
Subscriber  Line  service  in 
case  of  failure. 

Virtela  manages  every¬ 
thing,  including  the  last- 
mile  connection  and  the 
various  intricacies  of  each 
site. 

The  virtual  private  network  has  in¬ 
creased  bandwidth  at  the  sites  by  25% 
to  100%,  decreased  latency  by  10%  and 
cut  WAN  costs  by  half.  But  most  im¬ 
portant,  Lin  says,  “we  gave  the  network 
guy  back  his  sanity.  Now,  instead  of 
worrying  about  lights  and  switches, 
he’s  really  leveraging  his  skill  set  to 
help  the  business.” 

“It  can  be  a  big  career  boost  for  peo¬ 
ple  when  you  outsource  those  things 
where  you  can’t  add  value  as  an  inter¬ 
nal  IT  worker,”  says  Julie  Giera,  an  ana- 
Continued  on  page  40 


Breaking 
Outsourcing 

Boundaries 

Forget  following  the  conven¬ 
tional  rules.  Focus  on  the  idio¬ 
syncrasies  of  your  business. 

By  Kathleen  Melymuka 


Dociimentum 


CIC  GEORGE  LIN 


IT  Challenge:  Managing  a  virtual  private  net¬ 
work  across  39  locations,  while  anticipating 
further  growth. 

The  Payoff:  The  virtual  private  network  has 
increased  bandwidth  at  the  sites  by  25%  to 
100%,  decreased  latency  by  10%  and  cut 
WAN  costs  by  50%. 


Lessens  Learned:  Employee  satisfaction  and 
technology  concerns  must  be  given  equal 
weight  in  outsourcing  decisions. 
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Continued  from  page  39 

lyst  at  Giga  Information  Group  Inc.  in 

Cambridge,  Mass. 

Wolf  agrees.  “This  frees  me  up  to 
focus  on  business  requirements  and 
overall  service  delivery  to  internal  cus¬ 
tomers,”  he  says. 

Moreover,  Lin’s  unconventional  ap¬ 
proach  has  made  IT  a  model  depart¬ 
ment.  “Outsourcing  has  been  a  very 
critical  component  of  our  strategy,” 
says  Documentum  CEO  Dave  DeWalt. 
“I  showcase  George  and  his  operations 
to  our  customers.” 

All  in  the  Family 

Early  in  1998,  Y2k  preparations  and 
other  large  initiatives  were  straining 
human  resources  at  Allstate  Insurance 
Co.  in  Northbrook,  Ill.  Nearly  50%  of 
the  IT  workers  were  contractors.  “It 
was  extremely  expensive  and  getting 
more  and  more  difficult  to  manage,” 
says  Mike  Scardina,  assistant  vice  pres¬ 
ident  for  finance.  Contractor  turnover 
was  also  a  problem.  “People  would 
walk  out  the  door  with  two  to  four 
years  of  Allstate  knowledge,”  he  says. 
Allstate  had  to  find  a  way  to  keep  its 
intellectual  capital  and  lower  costs. 

The  solution  was  to  bring  outsourc¬ 
ing  in-house.  Allstate’s  parent  compa¬ 
ny,  The  Allstate  Corp.,  developed  its 
own  offshore  outsourcing  operation, 
Northbrook  Technology  of  Northern 
Ireland  Ltd.  in  Belfast.  “We  went  to 
Belfast  and  found  the  cost  structure, 
language  accessibility,  culture  and  time 
zone  all  extremely  advantageous,”  says 
Scardina. 

Initially,  Northbrook  performed 
maintenance  and  low-contact  develop¬ 
ment  work  that  didn’t  require  much  in¬ 
teraction  with  the  U.S.  group.  But  in  its 
third  year,  the  group  is  dealing  more 
directly  with  users  in  the  U.S.,  main¬ 
taining  or  developing  more  than  60 
Allstate  systems,  including  Unix  ad¬ 
ministration,  security,  financial  and  in¬ 
frastructure  applications,  and  technol¬ 
ogy  for  agents,  call  centers,  underwrit¬ 
ers  and  claims.  Costs  have  been  re¬ 
duced  by  more  than  half. 

Northbrook  also  has  been  a  source 
of  skills  in  newer  technologies  that  are 
harder  to  find  in  the  U.S.  marketplace, 
such  as  speech  recognition.  “It’s  a 
great  resource  for  us,”  says  Chief  Tech¬ 
nology  Officer  Cathy  Brune.  “And  we 
don’t  have  to  think  twice  about  the 
contract  or  developing  a  whole  new  re¬ 
lationship,”  because  the  people  are  em¬ 
ployees  of  the  parent  corporation. 

The  six-hour  time  difference  gives 
Brune  additional  flexibility  for  shift 
work,  but  it  also  allows  real-time  com¬ 
munication  during  the  day. 


“It’s  pretty  clever,”  says  Giga’s  Giera. 
“I  think  you’re  going  to  see  this  contin¬ 
ue  as  a  trend.  Just  as  companies  moved 
manufacturing  offshore  because  it’s 
cheaper  to  make  sneakers  in  China, 
programming  and  IT  can  be  another 
business  process  to  move  offshore.” 

But  it’s  not  for  everybody,  she  adds, 
citing  a  large  bank  in  New  York  that 
created  a  subsidiary  in  India  that  failed 
because  business  units  resisted  send¬ 
ing  work  out.  “The  key  is  to  have  exec¬ 
utive  support,  enough  work  to  support 
it  and  an  incentive  for  the  business 
units  to  use  the  offshore  facility,”  she 
says.  “Otherwise,  it  won’t  succeed.” 

It’s  also  important  to  treat  such  out¬ 
sourcing  arrangements  as  business  — 


»We  don’t  have 
to  think  twice 
about  the  contract  or 
developing  a  whole 
new  relationship 
[because  the  people 
are  employees]. 

CATHY  BRUNE,  CTO,  ALLSTATE 


Allstate 

Insurance 


CATHY  BRUNE 

Bring  outsourcing  back 
in-house  to  retain  talent  and  lower  costs 
by  creating  an  offshore  outsourcing  enti¬ 
ty,  Northbrook  Tec  aology  of  Northern 
Ireland  Ltd. 

Costs  have  been  reduced  by 
more  than  half,  and  Northbrook  is  a 
source  of  skills  in  newer  technologies 
that  are  harder  to  find  in  the  U.S. 

Such  projects  need  ex¬ 
ecutive  support,  adequate  demand  for  IT 
services  and  an  incentive  for  the  business 
units  to  use  an  offshore  facility. 


not  family  —  relationships,  says  Stuart 
Kliman,  a  director  at  Vantage  Partners 
LLC,  a  consulting  firm  in  Boston  that 
specializes  in  helping  companies  insti¬ 
tutionalize  their  relationship  manage¬ 
ment  capabilities.  “You  shouldn’t  as¬ 
sume  just  because  you  own  [the  out¬ 
sourcing  unit  that]  you  will  work  effec¬ 
tively  with  them,”  he  says.  “I  would  at¬ 
tend  to  the  core  organizational  work¬ 
ing  relationships  with  as  much  if  not 
more  discipline  than  I  would  with  a 
traditional  provider.” 

Northbrook  is  handling  all  of  All¬ 
state’s  outsourcing,  and  the  demand 
for  its  services  continues  to  grow  as 
business  units  look  to  cut  costs.  The 
Northbrook  staff  has  grown  to  more 
than  700,  with  2003  revenue  in  excess 
of  $30  million,  and  Allstate’s  U.S.  IT 
staff  has  grown  as  well,  Brune  says. 

The  Hybrid  Approach 

In  a  financial  services  company  like 
Coast  Capital  Savings  in  Vancouver, 
British  Columbia,  the  technology  for 
the  banking  operation  is  about  as  core 
as  you  can  get,  but  Coast  Capital  out¬ 
sources  it  —  sort  of. 

CIO  Joel  J.  Rosenberg  uses  Sanchez 
Computer  Associates  Inc.  in  Malvern, 
Pa.,  an  outsourcer  that  develops  and 
maintains  core  banking  technology  for 
financial  institutions  throughout  the 
world.  But  his  internal  IT  employees 
have  access  to  the  Sanchez  source 
code,  enabling  them  to  connect  the 
core  system  to  custom  applications 
such  as  data  warehouses,  ATMs  and 
debit  card  systems.  “We’ll  leverage  the 
vendor’s  expertise  and  skills  as  we  see 
fit  in  terms  of  business  needs,”  says 
Dave  Smart,  manager  of  business  solu¬ 
tions.  “Because  we  have  the  source 
code,  we’re  able  to  meet  business 
needs  with  in-house  resources.” 

“They  focus  on  improving  the  tech¬ 
nology  platform,”  Rosenberg  says. 

“Our  internal  IT  people  focus  on  is¬ 
sues  closer  to  the  customer.”  For  exam¬ 
ple,  the  IT  group  is  currently  integrat¬ 
ing  the  core  system  with  a  new  custo¬ 
mer  relationship  management  system 
from  Talisma  Corp.  in  Kirkland,  Wash. 
“Banking  data  and  information  will  be 
flowing  in  real  time,”  says  Rosenberg. 
“It  requires  real-time  linkage,  so  our 
folks  are  working  on  that.” 

“We  understand  the  business  re¬ 
quirements  and  do  business  program¬ 
ming,”  Smart  says.  “We  don’t  do  low- 
level  programming.  We  don’t  support 
the  database.  That’s  a  skill  set  we’re 
not  interested  in.” 

Giera  says  leveraging  in-house  skills 
is  a  good  way  to  do  more  with  less. 
“That’s  where  companies  get  the  most 
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le  hybrid  outsourced 

staffing  arrangement  was  chosen  follow¬ 
ing  a  merger  with  a  firm  that  had  already 
been  planning  to  convert  to  a  new  system. 

A  3  savings  over 
projected  costs 

Managing  the  process¬ 
es  that  enable  in-house  folk:  o  work  with 
out  cers  is  key  to  preventing  n<  ative 
per  ;ept  ns  and  establishing  trust. 


value  out  of  their  programming  staff, 
because  they  know  not  only  the  tech¬ 
nology  but  also  the  business,”  she  says. 

It’s  also  economical.  After  a  recent 
merger  with  a  financial  institution  that 
was  planning  to  convert  to  a  new  sys¬ 
tem,  the  new  partner  was  drawn  into 
the  hybrid  arrangement,  partly  be¬ 
cause  it  was  expected  to  deliver  80% 
savings  over  projected  costs. 

Kliman  applauds  the  practicality  of 
hybrid  outsourcing,  but  he  notes  that 
this  type  of  relationship  brings  chal¬ 
lenges.  “Companies  in  this  situation 
should  really  pay  attention  to  the  proc¬ 
esses  they  put  in  place  to  enable  their 
in-house  folks  to  work  effectively  with 
the  outsourcers,”  he  says.  “If  they  don’t 
manage  that  well,  negative  perceptions 
and  trust  problems  could  lessen  the 
value.” 

Keeping  your  priorities  straight  is 
the  key  to  successful  outsourcing,  says 
Documentum’s  Lin.  “Outsourcing 
should  improve  the  agility  of  the  busi¬ 
ness  and  the  agility  of  the  IT  organiza¬ 
tion  and  make  it  more  effective,”  he 
says.  “When  it’s  done  right,  outsourc¬ 
ing  is  a  win  for  everybody.  If  you  real¬ 
ize  cost  savings,  that’s  a  bonus.”  I 


Melymuka  is  a  Computerworld 
contributing  writer.  Contact  her  at 
kmelymuka@earthlink.net. 


Are  wires  getting  in  the 
way  of  your  business? 

Then  attend  the  content-rich  conference 
that  sees  an  enterprise  without  wires 
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YOUR  CHALLENGE 

Mobile  and  wireless  technologies 
push  the  enterprise  envelope  every 
day,  from  customer-facing  applica¬ 
tions  all  the  way  to  the  factory  floor. 
With  the  proliferation  of  more 
devices  and  services,  how  can  user 
organizations  stay  on  the  cutting 
edge?  How  can  they  find  today's 
most  promising  mobile  and  wireless 
technologies?  And  how  can  they 
learn  how  other  companies  and 
industries 
apply  the  latest 
TJL  |  and  greatest 
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•  Converge  with  analysts  and  press 
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technologies  that  you  can  implement  right  away 
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GMand 
Bank  One 
take  opposite 
approaches 
to  outsourcing. 
By  Thomas 
Hoffman 


Genera] 

Motors 

RALPH  SZYGENDA 

Successful  management 
of  GM’s  global  outsourcing  model. 

Improves  speed  and  agility 
for  IT  decision-making  nd  execution, 
and  increases  engineering  productivity. 

Don’t  rely  or  single 
outsourcer  for  services;  don’t  farm  out 
managem  it  and  IT  architecture  duties 
to  a  third  party  -  keep  them  in-house. 


I 


INSOURCING  VS.  OUTSOURCING.  It’s  the 
great  debate  these  days  for  many  IT 
executives  who  are  struggling  to  cost- 
justify  the  most  effective  way  to  run 
their  IT  operations. 

But  experts  say  it’s  not  a  question  of 
right  or  wrong,  but  of  which  strategy 
best  fits  a  company’s  business  model. 

General  Motors  Corp. 
and  Bank  One  Corp.  an¬ 
swered  the  question  by 
taking  divergent  paths. 

Along  with  the  business 
rationales  behind  their 
strategic  choices,  the  CIOs  at  the  two 
companies  offer  up  some  of  the  tough 
lessons  they  have  learned  along  their 
separate  ways. 

GM’s  Third  Wave 

For  many  people  in  the  IT  industry, 

GM  has  become  synonymous  with  out¬ 
sourcing.  The  $186.6  billion  auto  giant 
purchased  Electronic  Data  Systems 
Corp.  in  1984  from  Ross  Perot  and  out¬ 
sourced  virtually  all  of  its  IT  opera¬ 
tions  to  the  Plano,  Texas-based  IT 
services  provider  under  a  precedent¬ 
setting  10-year,  $40  billion  agreement. 

In  1996,  GM  spun  off  EDS  to  operate 


as  a  stand-alone  company  and  began 
redistributing  some  of  GM’s  IT  work 
to  other  services  firms  such  as  IBM, 
Cap  Gemini  Ernst  &  Young  and  Accen¬ 
ture  Ltd.  During  its  12-year  exclusive 
arrangement  with  EDS,  GM  encoun¬ 
tered  its  share  of  problems  in  the  rela¬ 
tionship,  but  the  automaker’s  commit¬ 
ment  to  an  outsourced 
model  remains  fervent. 

“If  you  don’t  put  a  model 
in  that  works,  it  makes 
it  look  like  outsourcing 
doesn’t  work,”  says  Ralph 
Szygenda,  GM’s  CIO  since  June  1996. 
He  insists  that  most  companies  that 
switch  from  an  outsourced  to  an  in- 
house  approach  “typically  don’t  have 
the  right  model  in  place  to  manage 
outsourcing.”  As  a  result,  they  mistak¬ 
enly  end  up  blaming  outsourcing  as 
a  discipline. 

Szygenda  acknowledges  that  “GM 
had  done  things  wrong  in  outsourcing 
its  work,  but  we  changed  the  model; 
we  didn’t  go  back  and  insource.”  Early 
outsourcing  mistakes  that  GM  later 
corrected  include  contracting  a  single 
source  for  services  and  farming  out 
management  and  IT  architecture 


OUTSOURCING 

WATCH 


responsibilities  to  a  third  party. 

Today,  in  what  he  calls  the  compa¬ 
ny’s  third  wave  of  outsourcing,  Szygen¬ 
da  and  his  team  of  1,700  IT  employees 
manage  GM’s  outsourcing  relation¬ 
ships  with  a  multitude  of  vendors,  in¬ 
cluding  all  of  the  major  outsourcing 
companies.  The  GM  IT  group  also 
oversees  the  various  vendors’  relation¬ 
ships  and  alignment  with  GM’s  eight 
global  operating  groups  and  major 
subsidiaries,  including  GMAC  Finan¬ 
cial  Services,  Hughes  Electronics  Corp. 
and  GM  Locomotive  Group. 

During  the  first  wave  of  outsourcing, 
by  contrast,  GM  handed  all  of  its  IT  ac¬ 
tivities  over  to  EDS.  “Pricing  was  too 
high  because  there  wasn’t  any  compe¬ 
tition,”  says  Szygenda. 

Even  if  a  single  outsourcer  has  the 
best  intentions  to  get  the  job  done, 
there’s  no  incentive  for  it  to  complete 
tasks  within  budget  and  scope,  because 
there’s  no  threat  of  it  being  replaced, 
he  notes. 

GM  has  also  learned  that  it’s  a  mis¬ 
take  to  outsource  strategic  manage¬ 
ment  of  its  IT  environment  and  archi¬ 
tecture  to  a  third  party,  which  is  what 
it  did  under  the  original  agreement 
with  EDS.  After  Szygenda  was  brought 
in  and  launched  the  second  wave  in 
1996,  he  brought  strategic  IT  manage¬ 
ment  and  information  systems  archi¬ 
tecture  in-house  to  be  driven  by  GM. 
Szygenda  put  in  place  two  layers  of  IT 
management  at  the  start  of  the  third 
wave.  These  managers  report  to  him 
and  oversee  GM’s  relationships  with 
outsourcers  and  the  business  units  that 
they  support. 

“Every  CIO  who  reports  to  me  has  a 
budget  that  they’re  measured  against,” 
says  Szygenda.  The  outsourcers  all 
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have  to  work  within  the  framework 
that  GM  has  devised,  and  while  they’re 
required  to  understand  the  GM  busi¬ 
nesses  that  they  support,  “they  don’t 
direct  the  business,”  Szygenda  says. 

Szygenda  and  his  lieutenants  believe 
that  GM’s  existing  outsourced  model 
works  well  for  a  company  its  size  be¬ 
cause  it  brings  the  auto  giant  improved 
speed  and  agility  for  IT  decision-mak¬ 
ing  and  execution.  For  example,  before 
GM  brought  Kirk  Gutmann  over  from 
Navistar  International  Corp.  in  1997  to 
be  global  product  development  infor¬ 
mation  officer,  GM’s  global  operations 
were  bloated,  the  quality  of  its  vehicles 
was  sagging,  and  it  was  taking  nearly 
four  years  for  the  company  to  bring  a 
new  vehicle  to  market. 

By  tapping  into  a  group  of  specialty 
IT  service  providers,  including  Micro¬ 
soft  Corp.  and  Hewlett-Packard  Co., 
and  automating  many  of  GM’s  opera¬ 
tions,  Gutmann  has  been  able  to  help 
remove  more  than  $1  billion  from  GM’s 
costs  and  reduce  the  time  to  market  for 
GM  vehicles  to  18  months. 

GM’s  revised  outsourcing  approach 
of  deploying  a  wide  variety  of  IT  ven¬ 
dors  instead  of  a  single  vendor  such  as 
EDS  “has  allowed  us  to  shift  resources 
more  quickly,”  says  Gutmann.  Syzgen- 
da  says  it  has  also  helped  bring  about 
double-digit  gains  in  GM’s  engineering 
productivity,  in  part  through  GM’s 
savvy  use  of  technology. 

GM  has  driven  other  hefty  bottom- 
line  benefits  from  its  outsourcing  mod¬ 
el.  In  2001  and  2002,  GM  achieved  its 
first  consecutive  years  of  market-share 
gains  in  25  years.  The  company  has 
also  cut  $800  million  annually  from  its 
IT  costs  for  the  past  seven  years.  Still, 
Szygenda  is  the  first  to  acknowledge 
that  GM’s  outsourcing  model  wouldn’t 
work  for  all  companies.  “There  is  no 
one  answer  for  any  company.  You  have 
to  go  in  and  decide  what  is  best  for 
that  company,”  he  says. 

Depositing  IT  at  Bank  One 

Chicago-based  Bank  One  has  taken  a 
considerably  different  approach  to 
managing  its  IT  operations.  In  1998,  it 
signed  a  six-year,  $1.4  billion  contract 
with  AT&T  Solutions  to  manage  the 
bank’s  voice  and  data  networks  and 
build  an  IP-based  networking  platform. 

As  part  of  that  agreement,  the  bank 
also  inked  a  seven-year,  $420  million 
pact  with  IBM  to  manage  most  of  its 
data  center  operations,  including  help 
desk  support.  At  the  time,  Bank  One, 
then  called  Banc  One,  was  in  the  proc¬ 
ess  of  merging  with  First  Chicago 
NBD  Corp. 

Since  then,  a  lot  more  than  the  name 


Savvy 

Tips 

■  An  outsourcing  model  needs 
effective  checks  and  balances. 

6M  compiles  report  cards  for  all 
the  vendors  it  works  with,  grad¬ 
ing  them  in  20  areas. 

■  Competition  is  key.  Using 
multiple  vendors  is  critical  to 
motivating  them  to  strive  for 
quality  and  keep  costs  down. 

■  Don’t  outsource  control  of 

your  company's  IT  architecture 
or  business  processes. 

■  Make  sure  that  there’s  a 
strong  business  case  for  out¬ 
sourcing  specific  IT  functions. 

■  Management  controls  - 

including  project  tracking  and 
management  systems  -  are  keys 
to  success. 

■  One  outsourcing  model  won't 
work  for  every  company. 


has  changed.  The  bank  brought  in  a 
new  CEO,  Jamie  Dimon,  a  tech-sawy 
veteran  of  Citigroup  Inc.,  and  CIO 
Austin  Adams,  the  former  CIO  at  First 
Union  Corp.  in  Charlotte,  N.C.  The 
bank  also  negotiated  to  end  its  original 
contracts  with  AT&T  Solutions  and 
IBM  before  they  were  due  to  expire. 


Today,  Bank  One  is  intent  on  main¬ 
taining  a  ratio  of  90%  in-house  IT  staff 
and  10%  contractors,  most  of  whom 
are  application  developers.  Compare 
that  with  a  70%-to-30%  ratio  just  two 
years  ago.  The  key  driver  behind  the 
change  is  the  dramatic  shift  in  the  IT 
labor  market  since  the  go-go  days  of 
the  dot-com  craze,  when  Bank  One 
was  having  trouble  recruiting  skilled 
IT  workers. 

“If  we  would  have  approached  [IT 
and  telecom  workers]  about  working 
for  a  bank  four  years  ago,  they  would 
have  laughed  at  us,”  says  Adams,  who 
in  March  2001  joined  the  bank,  which 
has  $277  billion  in  assets.  “The  world 
has  changed  a  lot  in  the  last 
three  or  four  years.  We’ve 
been  able  to  attract  a  lot  of 
technology  talent  from 
firms  that  have  been  chal¬ 
lenged  over  the  last  couple 
of  years.” 

One  of  the  key  accom¬ 
plishments  under  the  insourced  IT 
model  was  a  $500  million  system  con¬ 
version  project  that  put  all  of  the 
bank’s  transaction-related  systems,  in¬ 
cluding  deposit,  loan  and  treasury  sys¬ 
tems,  on  a  single  platform.  The  project 
started  in  2001  and  was  completed  in 
four  stages,  wrapping  up  in  November 
2002.  The  bank  expects  the  conver¬ 
sions  to  help  it  cut  $200  million  in  an¬ 
nual  operating  costs,  improve  cus¬ 
tomer  service  and  give  it  the  ability  to 
more  quickly  implement  new  products 
and  services. 

Adams  insists  the  decision  to  re¬ 
scind  the  outsourcing  agreements  with 
IBM  and  AT&T  Solutions  last  year 
wasn’t  a  result  of  dissatisfaction  with 


either  vendor.  In  fact,  the  bank  still 
does  business  with  both,  he  says. 

“It’s  not  an  issue  with  an  entity;  it’s 
philosophical  about  how  we  want  to 
do  business,”  says  Adams.  “We  feel 
strongly  that  technology  is  a  key  part 
of  our  company,  and  our  ability  to 
drive  that  is  key  and  something  that  we 
want  to  more  directly  control.” 

It  also  has  to  do  with  containing 
costs.  Adams  says  the  business  case  for 
outsourcing  those  IT  and  networking 
functions  no  longer  exists  for  Bank 
One.  For  instance,  he  notes  that  the  in¬ 
cremental  cost  for  a  company  its  size 
to  buy  hardware,  software  and  services 
directly  from  manufacturers  and  ser¬ 
vice  vendors  “is  significant¬ 
ly  lower”  than  the  premi¬ 
ums  it  would  have  to  pay  an 
outsourcer  to  provide  those 
resources. 

Adams  acknowledges 
that  there’s  a  lot  of  diver¬ 
gence  among  CIOs  over 
outsourcing.  In  Bank  One’s  case,  he 
says,  “we  have  a  CEO  who’s  very  tech¬ 
nology-literate  and  very  supportive  of 
us  and  our  ability  to  manage  this 
space.”  That  helps  explain  why  Bank 
One  has  recruited  1,800  IT  profession¬ 
als  during  the  past  17  months,  bringing 
its  IT  staff  to  4,000  people. 

Although  Adams  and  Bank  One  re¬ 
main  committed  to  insourcing,  he 
wouldn’t  rule  out  outsourcing  some  of 
its  IT  functions  under  the  right  circum¬ 
stances.  “I  wouldn’t  bury  my  head  in  the 
sand  if  there  was  a  better  value  proposi¬ 
tion,”  he  says.  “It  isn’t  a  philosophy  em¬ 
bedded  in  stubbornness  but  more  about 
the  environment  and  the  business  case 
and  the  economic  conditions.”  D 


READ  MORE 

More  companies  are  moving 
to  offshore  outsourcing: 

O  QuickLink  36712 
www.computerworld.com 


>  «  . 


Bank  One 


QIC  AUSTIN  ADAMS 

IT  Challenge:  A  $500  million  system 
conversion  that  put  all  transaction- 
related  systems  on  a  single  platform. 
Recruited  1,800  IT  professionals, 
bumping  up  in-house  IT  staff  to  4,000. 

The  Payoff:  Saved  about  $200  million 
in  annual  operating  costs,  improved 
customer  service  and  gained  the  ability 
to  implement  new  products  and  ser¬ 
vices  more  quickly. 

Lessons  Learned:  Use  available  talent  to 
your  advantage  -  four  years  ago  it  would 
have  been  nearly  impossible  to  recruit  the 
people  who  worked  on  the  conversion. 
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your  “myself-a-year-from- 
now”  hat  and  ask,  “What  will  I 
be  sorry  for  if  I  don’t  do?” 

Tell  me  about  organizational  vul¬ 
nerabilities.  Those  have  to  do 
with  the  way  an  organization 
processes  information  and 
puts  together  a  picture  of 
what’s  going  on.  The  key  prob¬ 
lem  is  a  tendency  to  silo  infor¬ 
mation.  Different  people  have 
different  pieces  of  the  puzzle, 
but  they  never  get  put  togeth¬ 
er  until  after  the  fact.  The  9/11 
disaster  is  an  example. 


ting  politics  get  in  the  way  of 
the  overall  organization,  you 
have  to  clamp  down  hard. 

You  recommend  some  practical 
“surprise-avoidance  initiatives," 
the  first  being  to  ask  people  what 
dangers  they  see  brewing.  Isn’t 
that  obvious?  Yes.  But  it’s  sur¬ 
prising  how  seldom  people  do 
it,  and  it’s  not  obvious  how  you 
go  about  doing  it.  You  need  to 
get  the  right  group  and  get 
them  to  work  through  an  exer¬ 
cise,  and  that’s  not  easy  to  do. 


Here’s  how  to  spot  IT 
disasters  in  the  making 


“You’re  never  too 
old  to  be  sur¬ 
prised.”  That  was 
the  response  of 
then-Chairman  Jack  Welch 
when  the  European  Commis¬ 
sion  vetoed  General  Electric 
Co.’s  proposed  $42  billion  ac¬ 
quisition  of  Honeywell  Inc.  in 
2001.  But  Michael  D.  Watkins,  an 
associate  professor  of  business 
administration  at  Harvard 
Business  School,  argues  that 
Welch  had  no  business  being 
surprised.  In  an  article  in  this 
month’s  issue  of  Harvard  Busi¬ 
ness  Review,  Watkins  and  co¬ 
author  Max  H.  Bazerman  posit 
that  the  institutional  blind 
spots  that  scuttled  Welch’s  deal 
are  common  throughout  busi¬ 
ness  and  government.  Watkins 
told  Kathleen  Melymuka  how 
those  same  flaws  can  blindside 
an  IT  manager  to  disasters  he 
should  have  seen  coming. 

What’s  the  difference  between  a 
true  surprise  and  a  problem  that 
could  have  been  predicted?  There 
are  many  surprises  that  are 
bolts  from  the  blue  and  can’t 
possibly  have  been  predicted. 
But  if  you  ask  senior  managers 
in  all  kinds  of  companies 
whether  there  are  problems 
they  know  about  that  probably 
are  going  to  get  worse  and 
have  the  potential  to  flash  into 
major  disasters,  the  answer  al¬ 
most  invariably  is  yes.  Should 
a  reasonable  leader  have  rec¬ 
ognized,  prioritized  and  mobi¬ 
lized  against  the  problem?  If 
the  answer  is  no,  then  hold 


them  blameless;  but  many 
problems  can  be  identified 
and  dealt  with. 

You  found  three  common  causes 
of  failure  that  can  help  managers 
avoid  predictable  surprises.  What 
are  they?  The  causes  are  psy¬ 
chological,  organizational  and 
political.  Psychological  vulner¬ 
abilities  are  flaws  in  the  way 
people  interpret  information 
and  make  decisions.  There’s  a 
well-understood  tendency,  for 
example,  to  exist  in  a  state  of 
denial,  to  stick  with  the  status 
quo  because  it’s  comfortable  or 
because  you  think  that  some¬ 
thing  with  a  very  low  probabil¬ 
ity  is  never  going  to  happen. 

Can  you  give  an  example?  The 

Slammer  worm.  This  was  a 
well-recognized  vulnerability 


in  systems.  The  patch  had 
been  available  forever.  But  ap¬ 
parently  many  IT  mangers  did 
not  do  what  was  necessary  to 
deal  with  it.  It  was  an  entirely 
predicable  surprise. 

As  an  IT  manager,  how  would  I  rec¬ 
ognize  psychological  bias  in  my  IT 
department?  People  tend  to 
harbor  illusions  that  things  are 
better  than  they  are:  “We’ll  get 
by.”  It  can  become  a  group  ra¬ 
tionalization.  Watch  out  when 
you  hear  people  say,  “We  think 
it’s  going  to  be  OK.” 

If  I  hear  that,  what  do  I  do  about  it? 

Push  back  hard:  What  if  it  isn’t 
OK?  Test  the  assumptions 
people  are  making.  Do  they 
hold  up?  What  have  they  done 
to  test  them?  Make  sure 
they’re  not  giving  undue 
weight  to  evidence  that  sup¬ 
ports  their  preconceptions. 
Discover  what’s  beginning  to 
happen  that,  if  left  unchecked, 
will  be  a  big  problem.  Take 
preventative  action.  Put  on 


What  can  I  do  about  organizational 
vulnerabilities?  You  need  a 
mechanism  for  sharing  infor¬ 
mation.  Sometimes,  it  requires 
a  cross-functional  team  put  in 
place  to  look  at  emerging  is¬ 
sues  and  trends.  The  best 
antidote  is  a  leader  forcing  a 
certain  kind  of  information 
integration  that  doesn’t  nor¬ 
mally  happen. 

And  what  about  political  vulnera¬ 
bilities?  Political  issues  have  to 
do  with  the  ability  of  focused, 
dedicated  special  interests  to 
advance  their  causes  or  pre¬ 
vent  action  at  the  expense 
of  broader  interests.  In  IT,  it 
could  be  some  group  absolute¬ 
ly  dedicated  and  focused  on 
preventing  having  some  lega¬ 
cy  system  taken  away.  They 
could  be  concealing  informa¬ 
tion  to  protect  a  piece  of  over¬ 
all  architecture  that  is  ripe  for 
disaster.  They’re  not  going  to 
let  you  touch  their  baby  till 
something  blows  up. 

How  do  you  recognize  that?  Any 

time  you  have  a  fiefdom,  you 
get  into  this.  People  are  willing 
to  suboptimize  the  whole  in  re¬ 
turn  for  a  legacy  system  getting 
protected  too  long.  They  can 
actually  prevent  implementa¬ 
tion  of  surprise-avoidance. 

What  can  I  do?  Look  hard  at  in¬ 
centives,  and  figure  out  how 
to  alter  them  so  people  have 
more  of  a  reason  to  cooperate. 
People  often  feel  if  they  don’t 
protect  what  they’re  working 
on,  their  own  performance  will 
suffer.  You  have  to  convince 
people  to  look  more  broadly, 
and  you  have  to  punish  em¬ 
pire-building.  If  people  are  let- 


Why  not?  Really  focusing  on 
problem-avoidance  means  tak¬ 
ing  time  away  from  productiv¬ 
ity.  It’s  hard  to  carve  out  time 
to  engage  in  that.  People  see  it 
as  a  luxury  they  can’t  afford 
right  up  to  the  point  where 
they’re  spending  24/7  dealing 
with  some  disaster  that  was 
foreseeable. 

Once  you’ve  identified  surprises  in 
the  making,  how  do  you  prioritize 
them?  You  array  the  threats 
and  look  at  [their]  likelihood 
and  costs  and  multiply  those. 
Sometimes,  that  doesn’t  catch 
very-low-likelihood  but  high- 
cost  threats,  so  it  gets  back  to 
incentives.  You  need  to  create 
a  structure  where  others  see  it 
as  in  their  interest  to  attack 
these  threats.  Put  people  on 
notice  that  if  they  fail  to  pre¬ 
vent  a  preventable  problem, 
they’ll  be  held  culpable. 

Why  is  coalition-building  important 
to  confront  threats  effectively? 

Unless  you’ve  got  full  author¬ 
ity,  which  never  happens, 
you’re  in  the  world  of  coali¬ 
tion-building.  As  an  IT  manag¬ 
er,  if  you  see  an  emerging 
problem  and  you  also  see  or¬ 
ganizational  resistance  to 
tackling  it,  you’ve  got  to  find 
the  pocket  of  people  who 
agree  with  you.  Ask  your  cus¬ 
tomers  what  would  happen  if 
XYZ  were  to  occur.  Build  mo¬ 
mentum  around  an  initiative 
to  tackle  the  problem.  I 


Melymuka  is  a  Computerworld 
contributing  writer.  Contact  her 
at  kmelymuka@earthlink.net. 

This  is  the  latest  in  a  series  of  monthly  dis¬ 
cussions  with  Harvard  Business  Review 
authors  on  topics  of  interest  to  IT  man¬ 
agers.  For  more,  go  to  QuickLink  35837. 


Harvard  Business  Review  article  co-authors  Michael  D. 
Watkins  and  Max  H.  Bazerman  offer  a  process  called  RPM 
—  recognize,  prioritize,  mobilize  —  to  head  off  predictable 
IT  surprises.  RPM  can  also  help  you  determine  whether  you 
should  have  been  able  to  predict  an  unpleasant  surprise. 

m  RECOGNIZE:  Did  you  use  your  resources  effectively  to  scan  the 
horizon  for  new  or  emerging  threats,  and  did  you  properly  analyze  and 
interpret  the  data  gathered? 


a  PRIORITIZE:  Did  you  perform  a  careful  analysis  of  the  probability 
and  potential  cost  of  each  threat,  giving  high  priority  to  those  with  the 

highest  impacts? 


■  MOBILIZE:  Did  you  deal  with  the  threats  in  a  way  commensurate 
with  the  risks  involved  and  the  resources  you  could  bring  to  bear? 


IN  THAT  SELF-MANAGING 


SELF-HEALING 


SORT  OF  WAY. 


NEW  DB2.  A  SELF-STARTER 


What  keeps  databases  in  game  shape?  DB2  v8,  the  most  advanced  self-managing 
database  across  Linux?  UNIX®  and  Windows®  Turbocharged  querying  and  tuning 
saves  time,  resources  and  pushes  productivity  skyward.  And,  no  matter  what  form 
your  data  is  in,  it  lets  you  access,  analyze  and  manage  it.  DB2.  It’s  part  of  the  software 
team  that  includes  Lotus?  Tivoli®  and  WebSphere®  Learn  more  at  ibm.com/db2/new 


@  business  is  the  game.  Play  to  win? 
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US  Airways  Keeps  EDS 

US  Airways  Group  Inc.  has  accepted  a 
revised  outsourcing  contract  with  Elec¬ 
tronic  Data  Systems  Corp.  that  it  had 
threatened  to  cancel.  Terms  of  the  new 
deal  weren't  disclosed.  Under  a  25- 
year  contract  signed  in  late  1997, 

EDS  provides  the  airline  with  data 
processing  and  telecommunications 
services  for  reservations,  ticketing, 
baggage  tracking,  and  flight  and  data 
security.  The  original  agreement  was 
valued  at  about  $200  million  per  year. 
US  Airways,  which  has  been  under 
Chapter  11  bankruptcy  protection  since 
August,  had  accused  EDS  of  failing  to 
honor  the  contract’s  “most  favored 
customer”  clause  by  providing  better 
terms  to  American  Airlines  Inc. 


IT  Spending  Sluggish 

According  to  recent  survey  results  from 
Forrester  Research  Inc.,  only  27%  of 
North  American  IT  decision-makers 
said  they  will  increase  their  staffs  this 
year.  And  although  35%  said  they  will 
increase  IT  spending  by  an  average  of 
1.9%  in  2003  -  a  decline  from  2.3% 
in  2002  -  the  amount  of  IT  being  out¬ 
sourced  will  inch  up  from  13%  last 
year  to  16%  for  2003. 


Including  first-time  purchases  and 
upgrades,  will  your  company  invest 
in  the  following  during  2003? 


Disaster 

recovery 

Portal  soft¬ 
ware/servers 

Business 

intelligence 

Application 

integration 

Content 

management 

software 

CRM 

software 


X:  45% 


32% 


30% 


Supply  chain 
software 


27% 


Search  engine 
technology 


mm 


ERP 

software 


24% 


Product  life  nga. 
cycle  mgmt.  fiisjf0 
software 

BASE:  877  IT  DECISION-MAKERS 
AT  NORTH  AMERICAN  COMPANIES 
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Look  Before  You 
Leap  to  Outsource 


Most  major  corporations  are 

considering  outsourcing  everything 
from  the  corporate  cafeteria  to  IT  and 
beyond.  Outsourcing  is  often  touted 
as  an  easy  way  to  achieve  more  func¬ 
tionality  for  less  money,  with  less  aggravation. 


But  how  do  these  deals 
actually  turn  out?  Cus¬ 
tomer-satisfaction  re¬ 
searchers  at  a  major  IT 
outsourcer  report  that 
most  outsourcing  relation¬ 
ships  deliver  less-than- 
expected  results,  often 
leaving  both  sides  disillu¬ 
sioned  by  the  end  of  the 
first  year. 

If  you  want  to  pull  the 
plug  on  your  outsourcing 
deal,  be  aware  that  doing 
so  is  difficult  and  expen¬ 
sive  at  best  —  outsourcing 
is  primarily  a  one-way 
street.  You  can  avoid  many 
outsourcing  pitfalls  by  do¬ 
ing  your  homework  before 
you  negotiate  a  contract: 

1.  Define  explicit  outsourcing  boundaries. 
Many  outsourcers  will  try  to  persuade 
you  to  outsource  most  or  all  of  IT. 
Most  corporations  are  willing  to  out¬ 
source  commodity  functions,  but  not 
the  areas  that  give  the  corporation  its 
competitive  advantage.  Don’t  allow 
yourself  to  be  pushed  into  outsourc¬ 
ing  more  than  you  have  determined  is 
appropriate.  And  never  outsource  one 
piece  at  a  time  without  a  master  plan. 

2.  Understand  your  motives  for  outsourcing. 
Before  entering  into  an  outsourcing 
agreement,  ruthlessly  assess  your  mo¬ 
tives.  Are  you  primarily  seeking  to  cut 
costs,  improve  service  or  allow  man¬ 
agement  to  focus  on  the  business?  Or 
has  your  company  simply  decided  that 
IT  isn’t  a  core  competency  and  just 
wants  to  get  rid  of  the  aggravation? 
Being  clear  about  your  reasons  will 


allow  a  fair  evaluation  of 
the  outsourcing  deal  after 
the  first  year. 

3.  Carefully  analyze  and  un¬ 
derstand  your  cost  structure. 
Identify  and  remove  ineffi¬ 
ciencies  before  outsourc¬ 
ing;  otherwise,  only  your 
outsourcer  will  benefit. 
Evaluate  your  cost  struc¬ 
ture  in  sufficient  detail  to 
have  leverage  over  your 
outsourcer.  Beware  of  any 
outsourcer  that  offers  to 
cut  your  costs  x%  without 
doing  any  analysis! 

And  if  your  outsourcer 
uses  the  new  “utility”  pric¬ 
ing  for  on-demand  com¬ 
puting,  make  sure  you 
understand  all  the  implications  — 
there’s  not  a  lot  of  industry  experi¬ 
ence  with  it  yet. 

4.  Analyze  the  total  cost  of  outsourcing.  Be¬ 
fore  you  weigh  the  price  of  outsourc¬ 
ing  against  your  current  costs,  start 
with  the  outsourcer’s  bid,  then  add 
the  costs  of  preparing  and  evaluating 
a  request  for  proposals,  the  migra¬ 
tion/switching  costs  and  the  cost  of 
managing  the  outsourcer. 

5.  Assess  the  hidden  effects  of  outsourcing. 
Outsourcing  imposes  discipline  on 
your  organization.  Shifts  in  architec¬ 
tural  direction  can  be  more  difficult. 
Unplanned  changes  become  expen¬ 
sive  and  may  not  occur  in  the  time 
frame  you  desire.  Adapting  to  the  rig¬ 
orous  processes  required  by  an  out¬ 
sourcer  may  be  difficult  in  some 
corporate  cultures. 

6.  Closely  examine  security  and  privacy. 


•  PERKINS  is  manag¬ 
ing  partner  at  Leverage 
Partners  Inc,  in 
Louisville.  Ky„  which 
helps  CIOs  manage  their 
IT  suppliers.  He's  the 
former  CIO  at  Tricon 
Global  Restaurants  Inc. 
and  Dole  Food  Co. 
Contact  him  at 
BartPerkins® 
LeveragePartners.com 


The  new  cyberdisclosure  laws  will 
essentially  make  security  breaches  at 
your  outsourcer  equivalent  to  securi¬ 
ty  breaches  at  your  own  company. 

You  will  be  equally  responsible 
whether  your  customers’  data  is  com¬ 
promised,  stolen  or  hacked  at  your 
site  or  the  outsourcer’s  site.  Your  ex¬ 
posure  and  liabilities  are  significantly 
multiplied  —  investigate  carefully. 

7.  Communicate  honestly  with  your  staff. 
Outsourcing  generates  apprehension, 
and  rumors  will  fly.  Unless  you  have  a 
compelling  message  and  communi¬ 
cate  candidly,  your  best  people  may 
walk  out  the  door. 

8.  Design  a  viable  exit  strategy.  Supplier 
failures  are  occurring  at  an  alarming 
rate.  Explore  options  and  fallback  po¬ 
sitions  before  you  need  them. 

9.  Make  sure  initial  stakeholders  on  both 
sides  remain  accountable.  Many  outsourc¬ 
ing  arrangements  fail  because  the 
original  stakeholders  disappear  and 
their  replacements  are  often  far  less 
committed  to  the  deal. 

10.  Consider  offshore  options.  Advances 
in  communications  technology  have 
made  offshore  outsourcing  increas¬ 
ingly  viable.  Costs  can  be  significantly 
lower.  But  understand  the  impact  of 
international  travel,  language  difficul¬ 
ties  and  time-zone  differences  on 
your  business. 

The  foundation  of  successful  out¬ 
sourcing  is  clearly  understanding 
what  you  are  outsourcing  and  why. 
Outsourcing  can  be  an  excellent  solu¬ 
tion,  but  it’s  not  a  panacea.  Don’t 
follow  the  outsourcing  lemmings 
blindly  over  the  cliff.  Make  sure  you 
fully  understand  what,  why,  when, 
where,  who  —  and  how  much.  I 

offshIbiitsourcing 

To  read  about  the  debate  surrounding  offshore 
outsourcing,  visit  our  Web  site: 

QuickLink  36712 

Want  our  opinion?  For  more  columns  and  links 
to  our  archives,  go  to: 

©  www.computerworld.com/opinions 
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Introducing  Lotus  NotesVDomino ™  6.  It’s  the  easiest  to  manage,  most  cost-effective 
Notes/Domino  ever.  It  streamlines  administration,  frees  up  network  resources  and 
slashes  downtime.  Storage  costs  can  fall  by  up  to  15%.  Notes/Domino  6  has  unsurpassed 
power  and  control  for  managing  thousands  of  users.  Lotus,  part  of  the  software  team 
that  includes  WebSphere?  DB2®  and  Tivoli®  Take  a  test-drive  at  ibm.com/lotus/win 
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Software  Engineers  & 
Programmers:  Analyze, 

design,  test  and  implement 
specialize  software  applica¬ 
tions  for  e-commerce,  Web, 
Client  Server  technologies, 
Legacy  systems  and  distrib¬ 
uted  apps.  in  Weblogic, 
Corba,  Apache,  Mainframe, 
ASP,  J2EE,  PB  and  related 
technologies  utilizing  appro¬ 
priate  RDBMS  including 
Oracle  and  DB2.  HR, 
Instcomp,  Inc.,  906  Lacey 
Ave.,  Suite  #206,  Lisle,  IL 
60536.  EOE. 


Computers-Programmer 
Analysts  needed.  Seeking  qual. 
candidates  possessing  BS  or 
equiv.  and/or  rel.  work  exp.  Part 
of  the  required  rel.  exp.  must 
include  1  yr.  working  with  Visual 
Basic,  MS  SQL  Server  &  Unix 
(AIX)  and  6  months  working  with 
People  Tools.  Work  with  3  of  the 
following:  MS  SQL  Server, 
Visual  Basic,  Unix  (AIX), 
Windows  NT,  Oracle  &  People 
Tools.  Fwd.  resume  &  ref.  to 
Percipia,  Inc.,  Attn:  HR,  816 
Morrison  Rd.,  Gahanna,  OH 
43230. 


Compuer  Programmer 

(Houston.  TX):  Writes  ABAP 
codes  to  develop  and  maintain 
e-business  solutions,  including 
large-scale  database,  on-line 
procurement  system,  and  on¬ 
line  timecard  application,  using 
SAP  products:  such  as  MM,  PP, 
SD.  VC,  FI;  Java;  ASP;  SML; 
SQL  and  Oracle  in  Windows 
NT.  B.S.  plus  1  yr.  Exp.  Contact 
Ali  Poonawala  of  Alinson,  Inc. 
at  203  Blue  Bell  Rd,  Houston, 
TX  77037,  (281)  260-7800(T), 
(281)  260-7878(F). 


Technical  Support 
Specialist  sought  by 
Stonebridge 
Hospitality  Assoc's 
w/Bach  in  Comp 
Sci/Eng  or  related 
field  w/2  yrs  exp. 
Respond  by  resume 
to  HR  Dept,  9100  E. 
Panorama  Dr,  #300, 
Englewood,  CO 
80112. 


Application  Engineer/Industrial 
Software  needed  w/exp  to  ana¬ 
lyze,  design  &  develop  industrial 
automation  applications  using 
Step  7  a  programming  language 
for  SIMATIC  S7  PLC'S  and 
SIMATIC  NET  for  configuring 
SIMATIC  Industrial  Networks. 
Provide  system  integration  in 
the  field  of  factory  &  process 
based  on  PLC  (Programmable 
Controllers)  &  SCADA  (Super¬ 
visory  Control  and  Data 
Acquisition)  systems.  Design  & 
engineer  Control  System  hard¬ 
ware  &  related  software  devel¬ 
opment.  Perform  testing  &  trou¬ 
ble  shooting.  Send  resume  to: 
Control  Infotech  Inc.  1119-ID, 
Crab  Orchard  Drive,  Raleigh, 
NC  27606. 


S/W  Graphic  Designer  to  design, 
modify  and  maintain  existing/new 
web  sites  using  HTML,  CSS, 
ASP,  XML,  Flash,  under  Mac  and 
PC  envir;  Create/refine  conceptu¬ 
al  designs  and  ideas  into  comput¬ 
er/images  using  Photoshop, 
Illustrator,  Dream  Weaver;  create 
layouts  based  on  layout  princi¬ 
ples.  design  concepts;  conduct 
req.  analysis  and  performance 
testing.  Require:  B.S.  or  foreign 
equiv.  in  CS/Graphic  Design/Fine 
Arts  with  2  yrs  of  exp.  Competi¬ 
tive  salary,  f/t.  travel  involved. 
Apply  to:  HR,  Mindspan  Systems, 
Inc.,  6050  Peachtree  Pkwy,  Ste 
240-214,  Norcross,  GA  30092. 


Senior  Network  Administrator. 
Plan,  direct,  support  Manage¬ 
ment  Information  System  includ¬ 
ing  daily  operation  of  Sun 
Solaris  UNIX  Server,  Microsoft 
Windows  2000  Advance  Server, 
IBM  AS400,  Citrix  Metaframe 
and  all  network  devices  and 
database  programs  for  Athens, 
GA  plant.  Must  have:  BS  in  com¬ 
puter  science,  eng’g,  or  busi¬ 
ness  administration  or  related 
field  and  2  yrs  exp  in  job  offered 
or  in  Computer  Operations 
Analysis  or  related  field. 
Respond  to  HR  Manager,  425 
Athena  Drive,  Athens,  GA 
30605  Refer  to  Code:  AR.  No 
job  placement  agencies  need  to 
apply. 


System  Administrator  want¬ 
ed  to  install,  configure,  sup¬ 
port  and  maintain  networks. 
Bachelor's  degree  in  a  Com¬ 
puter  related  field  and  2  yrs. 
experience  in  job  offered  or 
in  Systems  Administration  in 
a  Telecommunication  envi¬ 
ronment.  Experience  must 
include  TCP/IP,  Ethernet  and 
SQL.  Please  e-mail  resumes 
to  Rebecca. austamente@ 
radianz.com  (subject:  Code 
0313). 


Technical  Marketing  Manager 

Initiate,  engage,  develop.  & 
manage  business  relationships 
&  partnerships.  Prospect  gener¬ 
ation,  preparation  &  presenta¬ 
tion  of  solutions  &  proposal 
preparation  &  finalization.  MBA / 
Masters  in  Business/  Computers 
&  1  yr.  exp.  Must  be  willing  to 
travel,  use  UNIX,  Windows,  SEI 
CMM  &  ISO  Concepts.  40.0 
hrs./wk  9:00  AM  -  6:00  PM 
Applicants  send  cover  letter  and 
resume  to:  SRA  Systems 
Limited,  1945  Cliff  Valley  Way, 
#270,  Atlanta,  GA  30329,  ATTN: 
M.  Ankarath 


Programmers  needed.  Seek¬ 
ing  candidates  possessing  BS 
or  equivalent  and/or  rel  work 
experience.  Duties  include: 
Analyze  program  applications; 
Develop  and  deploy  applica¬ 
tions;  Integrate  applications. 
Work  with  2  of  the  following: 
Java,  J2EE,  VC++,  COM,  First 
Logic,  Visual  Basic  and  Crys¬ 
tal  Reports.  Mail  resume,  ref¬ 
erences  and  salary  require¬ 
ments  to:  Marketing  Response 
Systems,  Attn:  Mel,  980 
American  Pacific  Drive,  #104, 
Henderson,  NV  89014. 


F/T  Computer  Support  Specialist. 
Responsible  for  scoping,  planning 
and  implementing  legacy  applica¬ 
tion  extension  projects  and  training 
customer  personnel  in  tool  use. 
100%  travel.  Requires  in-depth 
knowledge  of  J  Walk,  GUI/400, 
Win  Ja  and  TTT.  Must  have  3  yrs. 
of  exp.  Work  background  must 
have  included  providing  technical 
support  services  to  software  and / 
or  network  end  users  and  support¬ 
ing  J  Walk,  GUI/400  &  TTT  cus¬ 
tomers  across  a  variety  of  indus¬ 
tries.  Salary:  Competitive.  Send 
Resume  to:  HR-Ref:  TS,  SEAG¬ 
ULL,  3340  Peachtree  Rd,.,  Atlanta, 
GA  30326.  Reference  this  ad.  No 
phone  calls  please. 


COMPUTER 

Siebel  Systems,  Inc.  has  employ¬ 
ment  opportunities  for  Tech 
Instructors  in  Alpharetta,  GA. 
Education  and  experience  re¬ 
quirements  vary.  Apply  online  at 
http://www.siebel.com/adresume 
or  forward  your  resume  referenc¬ 
ing  Job#2521  to:  Siebel  Systems, 
Inc.  Attn:  Corporate  Recruiting, 
2207  Bridgepointe  Parkway,  San 
Mateo,  CA  94404.  EEOE 


Sr  Software  Engineer 
for  s/ware  co  in 
Rochelle  Park,  NJ.  Must 
have  Master's  degree  in 
Comp  Sci/Comp  Eng  or 
reltd  field  &  5  yrs  exp  in 
job  offered  or  in  s/ware 
development  position. 
Send  resume  to:  Matrix 
Info.  Consulting,  365  W. 
Passaic  St,  Rochelle 
Park,  NJ  07662,  attn: 
Rob  Bigini. 
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You  can 
find  a 
better 

JOB 

with  one 
hand  tied 
behind 
your  back. 


Just  point  your 
mouse  to  the 
world’s  best 
IT  careers  site. 

Brought  to 
you  by 

Computerworld, 
Info  World  and 
Network  World. 

Find  out  more. 

Call  your 
ITcareers  Sales 
Representative 
or 

Nancy  Percival, 
1-800-762-2977 


Where  the  heel 
get  better 


Developer  sought  by  oncology/ 
therapeutics  div.  of  pharma  R&D 
co.  in  San  Francisco,  CA.  Candi¬ 
date  must  have  a  Bachelor's  de¬ 
gree  or  equiv.  in  Computer  Engin¬ 
eering  or  related.  Min.  of  5  years 
experience  in  application  develop¬ 
ment  &  database  design  &  devel¬ 
opment  on  Oracle  platform  re¬ 
quired.  Extensive  exp.  in  OOAD. 
Object  Oriented  Programming, 
DBA,  database  design  tools,  data 
modeling  tools  (ERWin),  SQL, 
PL/SQL,  Unix  (shellscripts,  FTP 
automation),  Java,  Oracle  8i  data¬ 
base,  Oracle  11  i  applications  (order 
fulfillment),  Blue  Martini  CRM  and 
HTML,  pharma,  pricing  s/w  cus¬ 
tomization  required.  Experience  in 
pharma,  pricing  required.  Must 
have  strong  analytical  skills  in  pric¬ 
ing  infrastructure,  information  ser¬ 
vices  &  data  analyses,  &  excellent 
oral  &  written  communication  skills. 
Send  resumes  to:  OTN,  Staffing 
Dept.,  395  Oyster  Point  Blvd.,  Suite 
405,  South  San  Francisco,  CA 
94080,  Job  Code:  VM-764  or  fax 
resume  to:  (650)  737-9576  or  email 
to:  Jobs.otn@otnnet.com 


Sr.  Programmer/Business  Analyst 
(Chicago,  IL)  Participate  in  archi¬ 
tectural  design  and  use  case 
analysis  on  web-based  mgt  info 
syst.  w /  Oracle/Win2000  env. 
using  PL/SQL,  VB,  TOAD,  MS 
Project  and  Rational  Robot;  inter¬ 
face  b/t  info  tech  and  business 
groups  to  identify  user  needs, 
prepare  busi.  requirement  docu¬ 
ments,  and  develop  project  pack¬ 
ages  applying  JAD  and  RAD. 
Requires  BS  in  Com. Sc.,  Engr.  or 
MIS  plus  3  yrs.  exp.  Full¬ 
time/competitive  salary.  Resume 
to:  HR  NetEffects,  Inc.,  500 
Chesterfield  Ctr.,  Ste.350,  St. 
Louis,  MO  63017 


SR.  SOFTWARE  ENGINEER 
sought  by  Graphic  Enter¬ 
prises  of  OH  to  dvlp  &  support 
s/ware  prodcts  for  newspaper 
indstry  using  Win  NT/2000/ 
98/95,  SQL,  C/C++/Visual 
C++,  COM/ATL,  MFC,  VB, 
VBScript,  Visual.Studio.NET, 
Java,  JavaScript,  Win  32 
APIs/STL,  HTML,  XML  & 
HTTP.  Deg  in  Comp  Sci/Engg 
&  significant  work  exp  req'd. 
Send  resume  to  HR,  Graphic 
Enterprises,  Inc,,  3874 
Highland  Park  NW,  North 
Canton,  OH  44720. 


Demantra,  Inc.  seeks  Sr 
Application  Consultant  to  design 
demand  planning  technical 
architecture;  serve  as  demand 
planning  &  forecasting  exped;  & 
work  w/customers  to  improve 
planning  process.  Hands-on 
involvement  in  all  phases  of 
Demand  Chain  solution,  from 
business  analysis  to  implemen¬ 
tation  &  support.  Operate  db 
systems  to  integrate  demand¬ 
planning  product  in  ERP  & 
Supply  Chain  envir.  Job 
involves  extensive  travel. 
Resume/cvr  Itr  to:  Demantra, 
Inc;  HR;  767C  Concord  Ave; 
Cambridge,  MA  02138. 


Software  Engineer  to  research/ 
develop  computer  graphics  soft¬ 
ware  on  Macintosh  &  Windows 
using  C/C++  under  MS  Visual 
Studio;  work  on  DTP  features  of 
the  product-text  input  ( including 
European  &  Far-Eastern  Asian 
character  sets  &  input  methods), 
text  layout,  font  caching  &  ren¬ 
dering,  GDI  printing  &  PostScript 
printing;  40hpw,  M-F, 
$52,000/yr.,  req.  bachelors  in 
computer  science  or  related  field 
plus  6  mos.  exp.  Fax  resume  to 
J.  Miranda,  Deneba  Software, 
Inc.,  1150  NW  72nd  Ave.,  Suite 
180,  Miami,  FL  33126,  (305) 
406-9802. 


Mercury  Interactive  Corpor¬ 
ation  is  the  world's  leading 
provider  of  solutions  that  auto¬ 
mate  testing,  quality  assurance 
and  application  performance 
management  for  e-business, 
enterprise  resource  planning, 
and  client/server  applications. 
Mercury  and  its  subsidiary 
Freshwater  Software  currently 
have  exciting  opportunities 
available  at  our  worksites 
throughout  the  US,  including 
Sunnyvale,  CA;  Boulder,  CO 
for  the  following  positions  (all 
levels/all  types): 

•  Software  Engineers  (& 
Consultants) 

•  Systems  Analysts/Engineers 
(&  Consultants) 

•  Database  Administrators 

•  Product  Managers 

•  Customer  Support  Analysts 

Please  send  resume  to 
Mercury  Interactive  Corpor¬ 
ation  with  cover  letter  to 
Human  Resource  Dept,  fax: 
408-822-5514  or  email  your 
resume  to  jobs@merc-int.com. 
For  additional  information  on 
these  and  other  positions,  visit 
our  web  site  at  www.mercuryin- 
teractive.com.  Mercury 

Interactive  Corporation  is  an 
equal  employment  opportunity 
employer  committed  to  the 
development  of  a  diverse  work¬ 
force. 
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A  Chicago  Japanese  restaurant 
is  seeking  an  Info.  System 
Manager  to  develop/operate 
info.  sys.  to  estimate  food  con¬ 
sumption,  place  orders  with  sup¬ 
pliers,  and  to  manage  daily 
restaurant  operations;  install 
and  program  restaurant-wide 
info.  sys.  to  ease  the  record¬ 
keeping/paperwork;  adminis¬ 
ter/program  a  computer  program 
to  keep  track  of  employee 
schedules/pay;  install/operate 
Point-of-Service  (POS)  systems 
to  increase  employee  productiv¬ 
ity  and  to  track  the  sales  of  spe¬ 
cific  menu  items;  Administer/ 
program  a  computer  system 
which  totals  checks,  act  as  a 
cash  register/credit  card  autho- 
rizer,  and  track  daily  sales;  use 
inventory  tracking  software  to 
compare  the  record  of  daily 
sales  from  the  POS  with  a 
record  of  present  inventory  to 
minimize  food  costs/spoilage; 
operate/program  a  system  to 
order  additional  inventory  from 
the  supplier.  40  hrs/wk,  10am- 
7pm,  $47,000/yr.  B.A./B.S.  in 
Business  or  C.S.  1  yr  related 
exp.  Applicant  must  show  proof 
of  legal  authority  to  work  in  the 
U.S.  Send  resume  to  IL.  Dept,  of 
Employment  Security,  401  S. 
State  St.  -  7  North,  Chicago,  IL 
60605,  Attn:  Leonard  Boksa. 
Ref#  V-IL34152  -  B.  An  employ¬ 
er  paid  ad.  No  Calls-Send  2 
copies  of  both  resume  &  cover 
letter. 


Consultant  sought  by 
NYC  IT  firm  for  publish¬ 
ing  related  projects,  sys¬ 
tem  analysis  &  design. 
BS  degree,  IT  related 
major.  Broad  skills  in 
desktop  publishing,  web 
technologies,  and  sys¬ 
tem  integration.  Freq. 
travel.  Contact: 

careers@desknetinc.com 


Software  Professionals  and  IT 
Managers  Needed 

Digital  GlobalSoft  Limited  (for¬ 
merly  Digital  Equipment  (India) 
Ltd.)  is  a  leading  software  com¬ 
pany  with  offices  nationwide. 
With  Digital  you  will  get: 
Extensive  Benefits,  Additional 
Compensation  for  referrals,  and 
Professional  Challenges  with 
training  and  assignments  to 
keep  you  at  the  leading  edge  of 
technology. 

For  technical  positions  (software 
engineers,  programmer/ana¬ 
lysts,  systems  analysts),  we 
need  people  with  the  following 
skills: 

OS:  Open  VMS,  NT/Windows 
2000/XP,  Tru  64Unix. 

Languages/Tools:  ASP, 
Com/Dcom,  JavaScript,  VB 
Script,  VB,  VC++,  PERL,  Java, 
EJB,  CORBA,  RMI,  C/C++, 

DEC  Forms,  ACMS,  Rally. 

Middleware:  MSMQ,  TUXEDO. 

Database:  Oracle,  SQL  Server, 
Sybase  and  Rdb. 

We  are  also  searching  for  SAP 
functional  experts  with  2  years 
implementation  experience  in 
various  modules  and  Siebel  cer¬ 
tified  consultants  with  2+  years 
post  certification  experience. 

Ideal  candidates  for  IT  Business 
Development  Manager  positions 
will  have  technical  background, 
i.e..  Bachelor's  degree  in 
Engineering,  Computer  Science, 
Electronics  or  related  field,  and 
IT  business  development  and 
managerial  experience. 

Travel  to  job  sites  throughout  the 
United  States  may  be  required. 
Some  positions  may  require 
relocation  to  Europe  and  Asia 
Pacific.  Applications  can  be  sent 
to  North  America  F  &  A 
Manager,  Digital  GlobalSoft 
Limited,  200  Forest  Street, 
MR01-1/A65,  Marlboro.  MA 
01752. 

Digital  GlobalSoft  Limited  is  an 
equal  opportunity  employer. 


It  is  at  the  heart  of  our  work,  not  only  the  energy 
we  provide  to  the  entire  world,  but  also  the 
energy  which  drives  our  people.  The  following 
represents  our  needs  in  Saudi  Arabia: 

Web  Solutions  Specialist 
Senior  Imagery  Analyst 
Network  Storage  Administrator 
EDP  Systems  Analyst 
SAP  Training  Specialist 
Power  Systems/ETAP  Specialist 
Digital  Systems  Technician 

For  consideration,  please  send  a  resume  to 

Aramco  Services  Company,  reference  code 
06J-ITCAREERS,  in  one  of  the  following 
ways:  Fax:  (713)  432-4600;  Mail  P.O.  Box  4530, 
Houston,  TX  77210-4530;  e-mail  (please  cut 
and  paste  rather  than  send  an  attachment): 
resumes@aramcoservices.com. 

For  a  detailed  description  of  the  above 
positions,  please  refer  to  our  website 
www.jobsataramco.com. 


opgamJI  gSjoljl 
Saudi  Aramco 


Web  Application  &  Client  Server 
Specialist  (Sr.  Programmer/ 
Analyst).  Web  Applic  &  Client 
Server  Specialist  (Sr  Prgmr/ 
Analyst)  pos  works  w/clients  of 
ISSI  to  dsgn  &  modify  tech  archi¬ 
tecture  of  client  systms,  &  over¬ 
see  implmtn.  Pos  dsgn  &  dvlp 
applies  &  detailed  s/ware  mod¬ 
ules  to  meet  specific  reqmts 
using  ASP,  MS  VB,  SQL  Server, 
Client  Server,  HTML,  &  C++. 
Pos  serve  as  project  leader.  BS 
or  foreign  equiv  in  CS,  CE,  EE, 
or  MIS  +  4  yrs  exp  in  job  offd  or 
as  Prgmr  (or  MS  +  2  yrs  exp.) 
Exp  to  incl  1  yr  as  team  leader  or 
mgr  +  VB,  SQL  Server,  Client 
Server,  ASP.  C++,  Active  X.  40 
hrs/wk,  $61 ,214/yr.  Must  have 
proof  of  legal  auth  to  work  in  US. 
Send  resume  to  I A  Workforce 
Center,  215  Watson  Powell  Jr. 
Way,  Suite  100,  Des  Moines,  IA 
50309-1727.  Please  ref  to  JO 
IA1101645.  Employer  paid  ad. 


Seeking  qualified  applicants  for 
the  following  positions  in 
Memphis/Collierville,  TN:  Senior 

Business  Application  Analyst, 

Act  as  liaison  between  technical 
developers  and  users/customers. 
Requirements:  Bachelor's  deg¬ 
ree*  in  computer  science,  math, 
statistics,  business  administration 
or  related  field  plus  5  years  of 
experience  in  analyzing  business 
systems  and  developing  technical 
automated  solutions.  Experience 
with  Java;  application  server 
(either  WebLogic,  WebSphere  or 
JRUN);  and  UNIX  also  required. 
‘Master’s  degree  in  appropriate 
field  will  offset  2  years  of  general 
experience.  Submit  resumes  to 
Sibi  George,  FedEx  Corporate 
Services,  1900  Summit  Tower 
Blvd.,  Suite  1400,  Orlando,  FL 
32810.  EOE  M/F/D/V. 


Prog.  Analysts  to  analyze,  design, 
maintain  appls  using  C,  Java, 
HTML,  VBScript,  ASP,  MS  SQL, 
Rational  Rose  under  Windows  OS; 
design,  implement  GUI  and 
RDBMS  using  VB,  Dev  2000, 
Oracle,  MS  Access,  SQL  Server. 
Require:  B.S.  or  foreign  equiv.  in 
CS/Engg  (any  branch)  &  2  yrs  of 
exp.  in  the  field.  S/W  Enggs  to 
design,  develop,  test,  implement 
appls  using  C,  C++,  Oracle,  SQL 
Server,  MS  Access  on  Windows. 
Unix;  design,  develop  web  appls 
using  HTML,  Java,  ASP,  JDK.  CGI, 
JScript;  provide  training  and  user 
support  for  the  systems  appln  soft¬ 
ware/hardware  to  team  and  clients; 
debug  and  modify  existing  soft¬ 
ware.  Require:  M.S.  or  foreign 
equiv.  in  CS/Engg.  (any  branch) 
with  1  yr  exp.  in  the  field.  High  sal¬ 
ary.  F/T.  Travel  involved.  Resume 
to:  Infosmart  Technologies,  385 
Leatherman  Ct.  Alpharetta,  GA 
30005. 


System  Admins  to  install,  maintain, 
administer  Windows  NT,  Linux, 
HP-UX, SCO/Solaris;plan,  imple¬ 
ment,  maintain  and  troubleshoot 
LAN/WAN  installations;  manage 
networking  protocols  such  as 
TCP/IP.  IPX/SPX,  etc;  install, 
upgrade  network  computer  hard¬ 
ware/software.  Systems  Analysts 
to  analyze,  design  appls  using 
Java,  VB,  Oracle,  SQL  Server. 
ASP.  Active  X.  HTML/DHTML, 
JavaScript,  etc.  under  Windows 
OS;  write  triggers  and  stored  pro¬ 
cedures  to  account  for  business 
processes;  perform  req.  analysis; 
develop  user  interface,  reports. 
Require:  B.S.  or  foreign  equiv  with 
cone  in  CS/Science/Engg.(Any 
branch)  and  2  yrs  of  exp.  in  IT. 
Travel  involved.  High  Salary.  F/T. 
Resume  to:  Radiant  Technologies, 
Inc.,  335  Majestic  cove.  Alpharetta. 
GA  30004 


IT  Developer  3,  Charlotte,  NC, 
Wachovia  Corp.  Create  doc.  de¬ 
tailing  hardware  &  software  infra¬ 
structure.  interdependencies  of 
each  component  &  IVR  appl.  dev. 
standards  for  EIVR  environ. 
Reqs.  BA  in  CIS  &  3  yrs  exp.  in 
the  pos.  off.  or  Software  Eng.  or 
Comp.  Consultant.  The  3  yrs  reqd 
exp.  must  incl.  work  w/IVR  appli¬ 
cation  design,  dev.,  implementa¬ 
tion  &  work  in  high-volume  call 
center  (2-3  million  calls/mos.).  1 
yr.  of  reqd  exp.  must  incl.  IVR  sys. 
w/PBX  switches  (i.e.  Cisco/ 
Geotel  ICM,  Aspect  ACD,  SL1. 
SL100  &  AT&T  G3)  &  IVR  sys. 
w/SpeechWorks  ASR  software  or 
similar  software  package.  M-F,  8- 
5,  Send  resume  to  Randall  Buck, 
Wachovia  Corporation,  1525 
West  W.T.  Harris  Blvd,  NC  0775, 
Charlotte,  NC  28262-0775.  No 
phone  calls. 


System  Analysts  to  analyze, 
design,  develop  software  for 
Wireless  and  Data  Communica¬ 
tion  using  J2EE,  XML,  C.  C++, 
SQL.  SMPP,  WAP.  XHTML,  3G. 
Oracle,  etc.  under  Oracle  Mobile 
Server  9iAS  WE.  UNIX.  Sun 
Solaris  etc;  perform  reqs  gather¬ 
ing,  design  process,  design 
reviews,  code  peer  reviews, 
customization  and  enhance¬ 
ments.  Prog/Analysts  to  ana¬ 
lyze,  design  appls  using  C.  C++. 
Java,  HTML,  VB,  Java-Script, 
SQL,  Oracle,  MS  Access  under 
Windows.  UNIX  OS;  study,  eval¬ 
uate  new  technologies/method¬ 
ologies;  gather,  document  reqs 
from  user  community:  test/trou¬ 
bleshoot  project  appl  code 
according  to  system  objectives 
Require:  BS  or  foreign  equiv.  in 
CS/Engg.  (any  branch)  with  2 
yrs  exp.  High  Salary.  Travel 
involved.  F/T.  Apply  to:  HR, 
Unilinx,  Inc,  4625  Alexander  Dr., 
Ste  110,  Alpharetta.  GA  30022. 
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Computer- -TATA  INFOTECH  provides  sophisticated 
IT  solutions  to  various  commercial  organizations  and 
offers  a  comprehensive  suite  of  services  to  deliver 
end-to-end  software  solutions.  Were  part  of  Tata 
conglomerate  and  are  headquartered  in  India,  with 
operations  worldwide. 


=OTECH 


•  PROGRAMMERS/ANALYST:  (code:  AP/1).  Req.  1  +  yrs.  exp. 

.  SR.  ANAIYST/PROGRAMMERS:  (code:  SP/2).  Req  3-5*  yrs.  exp.  in  IT 
industry  in  advance  programming  &  system  analysis. 

•  TEAM  LEADERS  (code:  TL).  Req.  5+  years  exp.  in  leading  large 
project  teams. 


All  positions  req.  BS/MS  in  CS  or  related  field  and  proficiency  in  one  or 
more  of  the  following:  Language:  COBOL,  CICS,  Assembler,  LINC,  XML, 
C*c  Perl,  and  PL1.  Java.  Platform:  IBM  mainframe,  Unisys  mainframes. 
Unix.  NT  Database:  Oracle,  Informix,  DB2,  Progress,  TMS.  MS  SQL  server. 
Front-end:  Developer  2000.  VC++,  Power  Builder,  and  VB.  Web 
Technologies:  WebSphere  Weblogic,  ASP  IIS,  MO  series,  Tuxedo.  Case 
Tools:  Designer  2000,  ERWIN,  UML.  Rational  Rose  and  any  other  case  tool. 
Network  Technologies:  LAN/WAN,  TCP/IP  routers,  switches,  gateway, 
firewall.  Support:  System  maintenance,  break  fix  maintenance,  network 
administration  and  support. 

Position  openings  are  at  several  locations  nationwide  and  the  selected  person 
could  be  offered  posting  at  any  of  the  company  s  project  sites  In  the  US.  The 
job  may  require  substantial  traveling  and  may  require  relocation.  TATA 
INFOTECH  is  an  equal  opportunity  employer.  E-maii  your  resume, 
mentioning  the  position  code  in  the  subject  line,  to: 
jobs.usAtatainfotech.com 


NEWS  MEDIA  MANAGER  -  WABC 
Eyewitness  News  has  an  immedi¬ 
ate  opening  for  a  News  Media 
Manager.  Responsibilities  include: 
managing  media  ingest,  output  and 
traffic  flow  for  multiple  newscasts 
including  digital  playback,  supervis¬ 
ing  news  editors,  news  editing,  and 
managing  digital  servers  and 
archives. 

The  successful  candidate  will  have 
a  minimum  of  3  years  television 
news  editing  experience,  and  multi¬ 
ple  years  experience  working  in  a 
TV  newsroom  exercising  editorial 
judgment.  Must  be  proficient  in 
non-linear  editing  techniques,  com¬ 
puter  literate,  comfortable  working 
with  Microsoft  Office  and  Windows 
NT,  as  well  as  experience  with  one 
or  more  newsroom  systems  such 
as  AP  ENPS. 

This  individual  must  be  highly  orga¬ 
nized  and  used  to  working  under 
tight  deadlines  while  working  on 
multiple,  overlapping  projects.  The 
News  Media  Manager  will  work 
closely  with  News  Producers  and 
Management  to  ensure  the  timely 
and  accurate  production  of  news¬ 
casts,  special  reports  and  special 
segments.  Prior  supervisory  experi¬ 
ence  preferred. 

Please  send  resume  to:  Ted 
Holtzclaw,  News  Operations 
Manager,  WABC-TV,  7  Lincoln 
Square  4th  FI.,  New  York,  NY 
10023.  No  calls  please.  We  are  an 
Equal  Opportunity  Employer. 


Computers-Project  Leaders 
needed.  Requires  BS  degree 
or  equivalent  and/or  relevant 
work  experience.  Experience 
must  include  two  years  work¬ 
ing  with  Java,  OSS  and 
Tandem.  Duties  include:  Plan, 
direct  and  coordinate  activities 
of  projects;  Analyze  business 
requirements  and  resolve 
technical  problems.  Experi¬ 
ence  with  ASP,  NET  and  SQL 
are  a  plus.  Mail  res.,  ref.,  and 
sal.  req.  to:  Opus  Software 
Solutions  Private  Limited,  Inc., 
1480  Route  9  North,  #203, 
Woodbridge,  NJ  07095. 


Software  Engineers  with 
interactive  business  appli¬ 
cations,  client-interface 
extranet  &  multi-tiered 
architecture  experience  to 
work  in  our  Burlington,  MA 
office.  Send  resume  to  Jay 
R.  Smith  Mfg.  Co.,  Attn: 
HR  Mgr.,  Req#5565,  P.O. 
Box  3,  Montgomery,  AL 
36109-0237  or  online  to 
mike.polis@irsmith.com 

with  Req#5565  in  subject 
line.  EOE. 


Software  Engineers  needed. 
Seeking  candidates  possessing 
MS/BS  or  equiv.  and/or  rel.  work 
experience.  Part  of  the  req.  rel. 
work  exp.  must  include  1  year 
working  with  Java,  ERP  &  CRM. 
Duties  include:  Research, 
design  and  develop  oracle  data¬ 
bases:  Analyze  software 

requirements  and  provide  tech¬ 
nical  support  to  client  websites. 
Experience  with  EDI  and  EIP 
are  a  plus.  Mail  res.  &  ref.  to: 
Adept  Computer  Consultants. 
1010  Harmon  Blvd.,  Hoffman 
Estates,  IL  60194. 


DataWarehouse/  S/W  Engg. 
needed.  Candidates  w/MS  or 
equiv.  in  CS/Engg  or  rel. 
and/or  rel.  work  exp.  Solid 
knowledge  of  RDBMS  de¬ 
sign  SQL,  DB2,  dw  utilitites 
pref.  Duties  inch  Design, 
deve  and  impl  s/w  appls: 
gather  tech  req.  Work  w/  any 
4:C/C++,  VB,  UNIX  shells, 
Oracle,  Erwin,  Informatica, 
ETLtools,  PERL,  JAVA  and 
Prolog.  Mail  res.  ref.  and  sal. 
req.  to:  Avantel  Softech  Inc., 
180  Turnpike  Rd.,  Westboro, 
MA  01581. 


Web  Developers  to  solve  pro¬ 
gramming  problems  in  multi¬ 
ple  Internet/Extranet  Web 
environment  using  cutting 
edge  technologies.  B.S. 
degree  and  experience  are 
musts.  Send  resume  to 
Invacare  Corporation,  Attn: 
HR,  One  Invacare  Way, 
Elyria,  OH  44035,  or  online  to 
ivcrjobsrc@invacare.com. 
Please  reference  job  code 
WD0203.  EEO/M/F/D/V. 


Computer  Systems  Hardware 
Analysts  needed:  Seeking  can¬ 
didates  possessing  BS  or 
equiv.  and/or  rel.  work  experi¬ 
ence.  Part  of  the  req.  rel.  work 
exp.  must  include  one  year 
working  with  FPGA  and  ASIC. 
Duties  include:  Design  &  devel¬ 
op  wireless  modems;  analyze 
data  processing  requirements 
and  provide  technical  support. 
Must  be  willing  to  travel  and 
relocate.  Mail  res.,  &  ref.  to: 
Radia  Communications,  1277 
Borregas  Ave,  #150, 
Sunnyvale,  CA  94089. 


COMPUTER/IT 

Software  Engineer.  Requires 
Bachelor's  degree  (or  equivalent) 
in  Computer  Science.  Information 
Technology  or  Software  Engineer¬ 
ing  and  one  year  of  experience  in 
the  job  offered  or  one  year  of  soft¬ 
ware  engineering  experience.  In 
lieu  of  a  Bachelor's  degree,  will 
accept  2  additional  years  of  stated 
experience.  All  stated  or  other 
experience  must  include  the  fol¬ 
lowing:  use  of  C/C++  to  develop 
network  security  assessment  & 
intrusion  detection  systems;  use 
of  programming  languages  includ¬ 
ing  Visual  Basic,  Java.  SQL. 
Tcl/Tk,  &  web  technologies;  use  of 
protocol  technologies  (COM, 
ActiveX,  MFC,  TCP/IP);  perform¬ 
ing  concurrent  processing  (sema¬ 
phores,  IPC,  multithreading,  and 
sockets);  &  use  of  OS  (Windows 
Internals,  AIX,  Solaris).  (Exp. 
need  not  be  concurrent).  40 
hrs./wk.  8:00-5:00.  Mail  resumes 
to  Internet  Security  Systems,  Inc., 
Attn:  Angene  Esson,  6303  Barfield 
Road,  Atlanta,  GA  30328.  EOE 
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Why  Disaster  Planning  Isn’t  Funded 


Reasons  for  not  Investing  in  specific 
business  continuity/disaster  recovery  practices 


Others 

27% 

Security 

concerns 

2% 


No  delivery 
service  in  our 
area  2% 


Not  needed: 
other  practice/ 
service/technology 
fulfills  role  5% 


Too  expensive 

29% 


Too  complex 

25% 


Not  needed:  service  not  of 
value  in  our  business  10% 
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Companies 

ministrator  at  Tessy  Plastics 
LLC  in  Lynchburg,  Va.,  said  a 
lack  of  funding  has  forced  him 
to  buy  used  equipment  to  back 
up  his  systems.  “We’ve  imple¬ 
mented  a  used  tape  drive  on 
our  main  server  and  do  good 
backups,”  he  said.  “If  I  had  to 
purchase  the  stuff  new,  I 

couldn’t  have  done  it _ Right 

now,  money  is  tight.” 

And  Ervin  isn’t  alone,  ac¬ 
cording  to  a  study  released 
last  week  by  Dataquest  Inc.  in 
San  Jose.  The  study,  “Invest¬ 
ment  Decisions:  Preparing  for 
Organizational  Disasters,” 
found  that  IT  managers  from 
205  companies  representing 
eight  vertical  industries  in  the 
U.S.  aren’t  investing  appropri¬ 
ately  in  disaster  plans  because 
of  inadequate  budgets. 

“Budget  constraints  are 
forcing  an  average  of  40%  of 
respondents  to  rely  on  a  best 
guess  to  determine  potential 
risk  rather  than  obtaining  for¬ 
mal  assessments,  which  would 
be  too  costly,”  said  Tony 
Adams,  principal  analyst  at 
Dataquest’s  IT  Services  group. 

“Preparation  is  key,  and 
without  adequate  investment 
for  protection  of  critical  sys¬ 
tems,  the  repercussions  of  dis¬ 
asters  will  be  lengthier  and 
more  costly,”  he  said. 

A  security  manager  at  one 
of  the  nation’s  largest  banks, 
who  spoke  on  condition  of 
anonymity,  said  the  sheer  size 
of  his  company  means  that  de¬ 
partments  report  to  various 
executives  and  require  differ- 


Correction 

In  the  Newsmaker  Q&A  in  last 
week’s  issue,  Qwest  Communi¬ 
cations  International  Inc.,  which 
sold  its  application  service 
provider  division  to  Corio  Inc.  last 
fall,  was  misidentified  as  Quest 
Software  Inc.,  a  maker  of  appli¬ 
cation  management  tools. 


ent  levels  of  certification  by 
third-party  disaster  assess¬ 
ment  firms.  As  a  result,  “busi¬ 
ness  continuity  planning  is  as 
the  business  sees  fit,”  the  man¬ 
ager  said. 

Moreover,  it’s  difficult  to 
show  the  return  on  investment 
from  hiring  third-party  firms 
to  certify  disaster  recovery 
processes  and  assess  risk,  he 
said.  “Companies  in  this  space 
came  off  as  if  they’re  looking 
for  big  dollars  to  tell  you  what 
you  already  know.  We  all  see 


Continued  from  page  1 

Mtes 

“That’s  pretty  significant,” 
Kane  said. 

McLean,  Va.-based  FSI,  a  re¬ 
search  firm  for  the  business- 
to-govemment  market,  said  IT 
spending  in  the  states  will 
reach  $40.7  billion  in  the  next 
fiscal  year,  an  increase  of  less 
than  2%  over  this  year.  And  as 
they  continue  to  scrape  for  IT 
funding,  more  states  are  ap¬ 
pointing  enterprise  architects 
to  map  out  IT  and  business 
process  strategies. 

Two  years  ago,  only  two 
states  had  specifically  ap¬ 
pointed  enterprise  architects. 
Since  then,  the  number  has 
climbed  to  22,  said  Gerry 


the  best-practice  picture  at  the 
end  of  the  tunnel,  but  we 
choose  due  care  and  sound 
business  decision  processes  to 
get  to  that  end,”  he  said. 

In  any  case,  crisis  manage¬ 
ment  plans  have  been  imple¬ 
mented  at  53%  of  the  sites  that 
responded  to  the  Dataquest 
survey,  and  an  additional  30% 
that  don’t  already  have  plans 
are  considering  developing 
them,  according  to  the  study. 
But  17%  of  respondents  said 
that  they  don’t  foresee  devel- 


Wethington,  Missouri’s  CIO 
and  president  of  the  Lexing¬ 
ton,  Ky.-based  National  Asso¬ 
ciation  of  State  Chief  Informa¬ 
tion  Officers. 

Enterprise  architecture  is  a 
process  for  defining  IT  and 
business  process  principles 
and  standards.  It’s  also  used 
by  federal  and  state  govern¬ 
ments  to  integrate  and  consol¬ 
idate  IT  infrastructures  that 
have  been  built  agency  by 
agency  in  a  stovepipe  fashion, 
without  coordination. 

Wethington  said  his  state’s 
use  of  enterprise  architecture 
planning  has  given  him  the 
means  to  set  common  stan¬ 
dards  and  battle  agencies  ac¬ 
customed  to  making  their  own 
IT  decisions.  “If  I  had  not  had 
that  chief  architect ...  I  would 


oping  any  such  plans. 

“It  could  be  merely  that 
clarity  about  the  aim  and  func¬ 
tion  of  crisis  management  is 
needed,”  according  to  the 
study.  “It  could  also  be  ex¬ 
plained  in  terms  of  the  IT  sys¬ 
tems  not  being  deemed  mis¬ 
sion-critical  in  importance.” 

In  fact,  only  10%  of  compa¬ 
nies  said  they  always  evaluate 
new  initiatives  in  terms  of 
business  continuity. 

Susan  Bradley,  a  security 
manager  at  Tamiyasu,  Smith, 
Horn  and  Braun  Accountancy 
Corp.,  an  accounting  firm  in 
Fresno,  Calif.,  said  the  small  to 
medium-size  business  com¬ 
munity  is  never  proactive 
when  it  comes  to  ensuring 
business  continuity. 

“We  don’t  plan.  We  don’t  as¬ 
sess.  We  don’t  analyze.  We 
don’t  test.  We  don’t  plan  on  re¬ 
dundancy,”  Bradley  said.  The 
Dataquest  survey  indicates 
that  many  large  companies 
aren’t  doing  much  better,  she 
added. 

Although  the  Dataquest 
study  focused  on  the  respons¬ 
es  and  plans  of  IT  managers, 
John  Keast,  chief  operating  of¬ 
ficer  at  SEEC  Inc.,  a  Pitts¬ 
burgh  firm  that  develops  soft¬ 
ware  for  the  insurance  and  fi- 


have  had  eight  to  12  different 
agencies  fighting  for  their 
turf,”  he  said,  referring  to  a 
particular  help  desk  consoli¬ 
dation  project.  “I  can  over- 


No  Bonanza 

Federal  Sources  Inc.  warned  IT 
vendors  that  homeland  security 
won’t  produce  a  federal  spending 
spree  because  Congress  has  yet 
to  determine  what  to  fund. 

STATE  FUNDING:  In  fiscal  2003, 
states  received  $2.5  billion  for  home¬ 
land  security  needs;  that’s  expected 
to  rise  to  $2.6  billion  in  2004.* 


WHERE  IT’S  GOING:  Communica¬ 
tions.  criminal  justice  integration  and 
systems  for  detecting  and  controlling 
harmful  agents. 

*Most  state  fiscal  years  begin  in  July. 


MWe  don’t 
plan.  We 
don’t  assess. 

We  don’t  analyze. 
We  don’t  test. 

SUSAN  BRADLEY,  SECURITY  MAN 
A6ER,  TAMIYASU,  SMITH,  HORN  AND 
BRAUN  ACCOUNTACY  CORP. 


nance  industries,  said  that  al¬ 
though  the  CIO  designs  and 
implements  the  plan  and  like¬ 
ly  orchestrates  its  execution 
during  a  disaster,  the  ultimate 
responsibility  for  focusing  the 
appropriate  resources  on  dis¬ 
aster  recovery  and  continuity 
of  operations  planning  rests 
with  the  CEO,  the  chief  oper¬ 
ating  officer  and  the  board  of 
directors. 

“Losing  data  that  affects 
business  operations  is  avoid¬ 
able  and  unacceptable,”  said 
Keast.  “So  CEOs  and  COOs 
must  make  it  their  priority.”  I 

ROLE-PLAYING 

A  mock  disaster  scenario  was  played  out  at 
Computerworld' s  recent  Premier  100 
conference.  To  read  about  the  results,  visit 
our  Web  site: 

QuickLink  36860 
www.computerworld.com 


come  turf,”  Wethington  added. 

The  states  are  also  being 
pushed  into  using  enterprise 
architecture  by  the  Bush  ad¬ 
ministration,  which  wants  in¬ 
teroperability  with  state  sys¬ 
tems,  said  Howard  Stern,  se¬ 
nior  vice  president  of  FSI. 

One  IT  manager  who  says 
she  has  solved  the  problem  of 
redundant  systems  consolida¬ 
tion  is  Cathy  Maras-O’Leary, 
CIO  of  Cook  County,  Ill.  The 
second-largest  county  in  the 
U.S.,  Cook  County  centralized 
storage,  mainframe  and  net¬ 
work  support  for  150  agencies. 

“You’re  not  duplicating 
cost,”  Maras-O’Leary  said. 
Moreover,  she  added,  “e-com- 
merce  for  us  can  be  very  easy 
because  all  our  data  is  residing 
on  our  architecture.”  I 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Patch  It  Right  Now 


HAS  YOUR  SENDMAIL  BEEN  PATCHED?  Are  you  sure? 

If  the  answer  is  no,  stop  reading  this  and  get  it  taken 
care  of.  Not  later  today.  Not  later  this  minute.  You’re 
already  a  week  behind,  and  hackers  have  had  exploit 
code  working  since  last  Tuesday.  There  are  no  work¬ 
arounds.  Your  firewall  won’t  protect  you.  Your  virus  scanner  won’t 
protect  you.  A  properly  patched  sendmail  server  that’s  upstream 
from  your  site  will  remove  the  fangs  from  a  malicious  e-mail  mes¬ 
sage  that  exploits  this  security  hole  —  but  do  you  really  want  to 
depend  on  the  kindness  of  strangers? 

You  can’t  afford  that  risk.  So  find  out.  And  if  you  have  sendmail 
systems  that  haven’t  been  patched  or  upgraded,  do  it  right  now! 


How  bad  is  this  mess?  Between  50%  and  75% 
of  all  e-mail  on  the  Internet  is  handled  by  send¬ 
mail  servers.  The  bug  that  creates  the  security 
hole  is  about  a  decade  old,  which  means  if 
you’re  using  sendmail,  you  do  have  the  bug. 

And  since  it  took  less  than  48  hours  for  two 
separate  groups  of  hackers  to  come  up  with 
working  attacks  on  this  security  hole  after  it 
was  officially  announced,  you  can  reasonably 
expect  attacks  to  show  up  on  the  Internet  pret¬ 
ty  quickly,  too. 

Worse  still,  you  may  already  have  been  hit  by 
one.  A  successful  attack  won’t  leave  any  evi¬ 
dence  on  your  system  log.  Which  means  some¬ 
one  who’s  just  testing  the  technique  may  al¬ 
ready  have  tried  it  on  your  unpatched  sendmail 
systems,  and  you  have  no  way  of  knowing. 

The  good  news  —  yes,  there  is  some  good 
news  here  —  is  that  this  is  one  very  subtle  se¬ 
curity  hole.  It’s  no  simple  buffer-overflow 
problem,  like  so  many  we’ve  heard  about.  In 
this  case,  the  buffer  that  lets  the  bad  guys  in  is 
checked  to  make  sure  it  doesn’t 
overflow.  Trouble  is,  there’s  a  bug 
in  one  of  the  checking  routines. 

And  if  a  bad  guy  exploits  that  cod¬ 
ing  error  —  but  only  if  the  bad  guy 
knows  exactly  how  to  exploit  that 
specific  coding  error  —  sendmail  is 
vulnerable. 

Which  explains  why  it  took  10 
years  for  anyone  to  spot  the  prob¬ 
lem,  and  why  it  was  Internet  Secu¬ 
rity  Systems  in  Atlanta  that  spotted 
it,  not  some  malicious  adolescent  in 
his  bedroom.  The  problem  was 
buried  deep  in  code  that  has  been 


available  to  security  experts  and  nasty  crackers 
alike  —  and  until  now,  no  one  spotted  it. 

That’s  how  far  we’ve  come  on  security:  We 
now  have  so  many  researchers  digging  so  deep 
and  looking  so  carefully  that  we’re  finding  se¬ 
curity  holes  we  once  would  have  called  unfind- 
able.  We’re  no  longer  finding  bugs  just  in  new¬ 
ly  released  software.  We’re  finding  and  fixing 
the  flaws  deep  in  the  bedrock  of  our  IT  infra¬ 
structure.  And  that  makes  us  much  safer. 

But  ironically,  the  older  and  more  tested  and 
trusted  a  piece  of  software  is,  the  more  widely 
used  it’s  likely  to  be.  That  means  when  these 
new  deep  searches  for  security  holes  turn 
something  up,  the  potential  impact  is  huge.  Un¬ 
til  that  widely  used  software  is  widely  patched, 
we’re  at  risk  —  in  a  big  way.  Which  is  why, 
more  than  ever,  none  of  us  can  afford  any  de¬ 
lays  in  finding  the  security  holes  in  our  sys¬ 
tems  —  and  closing  them. 

So  make  it  a  priority.  Subscribe  to  a  security 
service  if  you  think  you  need  it.  If  you  don’t, 
put  someone  on  your  staff  in 
charge  of  scanning  security  sites 
and  news  groups  for  patches  you 
need  to  install. 

Then  come  up  with  a  plan  to  im¬ 
plement  those  patches  and  fixes 
fast.  And  make  sure  the  most  criti¬ 
cal  of  them  can  be  implemented  on 
an  emergency  basis. 

Because  finding  deep,  funda¬ 
mental  security  holes  like  the  one 
in  sendmail  really  does  make  us 
safer.  But  the  price  of  better  secu¬ 
rity  is  greater  risk  —  at  least  until 
we  apply  those  patches.  I 


frank  hayes.  Computer- 
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But  It’s  Better  Than  the  Fax 

IT  pilot  fish  is  suddenly  responsible  for  phone  service, 
so  she  asks  long-distance  provider  for  a  list  of  phone 
numbers  currently  getting  service.  And  gets  it  -  as  a 
blurry  29-page  fax.  Could  you  please  send  it  in  elec- 
ironic  form?  fish  asks.  “An  hour  later,  I  received  an 
e-mail  with  the  file  attached,”  says  fish.  “It  was  a 
Word  document  with  29  pages  of  screenshots  of 
the  spreadsheet  containing  our  phone  numbers.” 


SHARK 

TANK* 


There’s 
Two? 

This  user  com¬ 
plains  she  can’t 
log  on  -  her  Shift 
key  isn’t  working.  True 
enough,  says  pilot  fish, 
the  left-hand  Shift  key  on 
her  laptop  is  dead.  Is 
your  other  Shift  key  bro¬ 
ken  too?  fish  asks.  “Oth¬ 
er  Shift  key?”  says  user 
blankly.  “Oh!” 

Could  Be . . . 

This  intranet  application 
ran  fine  for  two  months, 
but  now  it’s  crashing  the 
server,  so  pilot  fish  opens 
an  error  ticket.  Four  days 
later,  server  admins  re¬ 
turn  his  ticket  marked 
“Solved,”  adding,  "We 
watched  the  error  log  for 
four  days,  and  no  further 
entries  were  written  into 
it,  so  we  assume  the 
problem  has  disap¬ 
peared.”  Sighs  fish,  “Is  it 
possible  that’s  because 
the  application  has  not 
been  running  for  four 
days?” 

Why  Not  Oil  ft? 

This  printer  has  a  paper 
jam,  and  it’s  squeaking 
too,  user  tells  help  desk 
pilot  fish.  “What  I  found 
when  I  got  there  wasn’t 
what  I  expected,”  fish 
says.  “A  mouse  had 
made  the  printer  casing 
his  home  and  was  par¬ 
tially  caught  in  the 
rollers.  After  carefully  re¬ 
moving  all  doors  and 


panels  that 
might  block  the 
way,  I  shook  the 
printer  casing 
and  set  it  on  the 
floor  -  after  which  the 
mouse  left  the  printer.” 


I  That  Seems 
1  Clear  Enough 

j  Pilot  fish  sends  self-load- 
i  ing  update  CDs  to  field 
j  staff  every  month.  But 
!  this  time,  it’s  more  com- 
\  plicated,  so  fish  includes 
j  a  note  that  says  in  big, 
j  bold  letters  at  the  top, 

I  “You  must  follow  these 
j  instructions!”  Says  fish, 

;  “I’ve  had  about  20  calls 
j  that  go  like  this:  Have  you 
I  got  the  instructions?  Yes, 
j  I  have  them  in  my  hands. 

I  Have  you  read  them? 

|  Click.  Dial  tone.  So  far, 

\  none  have  rung  back  for 
j  further  instructions.” 

1  Where  Great  Ideas 
j  Come  From 

|  Consultant  pilot  fish  is  on 
j  the  phone  with  vendor's 
j  support  tech,  but  having 
!  trouble  -  tech  keeps 
i  throwing  out  the  vendor’s 
i  internal  jargon  instead  of 
j  industry-standard  terms, 
j  Maybe  you  could  write  a 
j  dictionary  of  your  terms 
j  and  customers  could 
j  study  it  to  make  these 
!  tech  support  calls  more 
|  meaningful,  fish  suggests 
j  sarcastically.  “That’s  a 
j  great  idea,”  tech  chirps. 

\  Til  talk  to  my  boss 
j  about  it!” 


OFEED  THE  SHARK!  Send  your  true  tale  of  IT  life  to 
sharky@computerworid.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 
compu1erworld.com/sharky. 


What  one  thing  do  investors  understand 
about  your  company  better  than  you  do? 


Your  competitive  advantage. 


In  an  era  of  disruptive 
change,  Moore  uses  investor 
perspective  to  give  management 
teams  the  strategy  tools  they 
need  to  navigate. 


‘This  book  is  a  must  read  for  CEOs  and  their  executive 
team....  According  to  Geoffrey  Moore,  you  had  better  start 
shedding  non-core  activities  quickly  or  your  company 
will  become  a  victim.” 

-VICE  PRESIDENT  DICK  CHENEY 


“When  you  live  on  the  fault  line,  you  have 
to  reinvent  yourself  every  single  day.” 

-BOB  HERBOLD,  FORMER  EXECUTIVE  VICE 
PRESIDENT  AND  COO,  MICROSOFT 


“Moore  shows  convincingly  that  technology  and 
capital  market  efficiency  have  fundamentally 
changed  not  just  the  reality  that  all  managers  face, 
but  have  changed  the  way  they  need  to  define, 
measure  and  manage  success.  This  is  a  great  book.” 
-CLAYTON  CHRISTENSEN,  AUTHOR  OF 
THE  INNOVATOR’S  DILEMMA 


Best-Selling  Author  of 
Crossing  the  Chasm  and  Inside  the  Tornado 
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VERITAS  Software  lowers  your  storage  cost;  regardless  of 
the  hardware.  EMC.  Hitachi.  HP.  IBM.  Sun.  What’s  your  agenda? 
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